CVE-2024-47477
Undergoing Analysis Undergoing Analysis - In Progress
Improper Certificate Validation in Dell PowerFlex Manager

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Dell

Description
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2024-47477
EUVD
EUVD-2024-55639
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dell powerflex_manager to 4.5.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Dell PowerFlex Manager versions prior to 4.5.1.1 have an improper certificate validation vulnerability. This means the software does not correctly verify the authenticity of certificates, which can be exploited by a remote unauthenticated attacker.

An attacker could use this flaw in combination with DNS cache poisoning to perform a man-in-the-middle attack, intercepting or altering communications between users and the system.

Impact Analysis

This vulnerability can allow a remote attacker to intercept and potentially manipulate communications between users and the Dell PowerFlex Manager system without authentication.

Such man-in-the-middle attacks can lead to unauthorized disclosure of sensitive information and compromise the integrity of data exchanged.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-47477. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart