CVE-2024-28964
First published: Wed Jun 12 2024(Updated: )
Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Common Event Enabler | <=8.9.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-28964?
CVE-2024-28964 is considered a critical vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2024-28964?
To address CVE-2024-28964, update the Dell Common Event Enabler to version 8.9.10.1 or later.
Who is affected by CVE-2024-28964?
CVE-2024-28964 affects users of Dell Common Event Enabler version 8.9.10.0 and earlier on Windows systems.
What is the impact of exploiting CVE-2024-28964?
Exploiting CVE-2024-28964 could allow a local unauthenticated attacker to execute arbitrary code within the context of the logged-in user.
What component of Dell software contains the CVE-2024-28964 vulnerability?
The insecure deserialization vulnerability in CVE-2024-28964 is found in the CAVATools component of Dell Common Event Enabler.
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/dell
- canonical/dell common event enabler
- version/dell common event enabler/8.9.10.0