Dell Power Manager Vulnerability Allow Attackers Gain Unauthorized Access – Patch Now!
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Dell Technologies has identified a security vulnerability in Dell Power Manager (DPM), affecting versions 3.15.0 and prior.
This vulnerability, identified as CVE-2024-39576, involves an Incorrect Privilege Assignment that could allow a low-privileged attacker with local access to execute code and elevate their privileges.
Vulnerability Details
Lefteris Panos from LRQA Nettitude discovered this vulnerability, identified as CVE-2024-39576, in Dell Power Manager. This flaw is classified as an Incorrect Privilege Assignment vulnerability, which could be exploited by a low-privileged attacker with local access.
Successful exploitation of this vulnerability could result in code execution and elevation of privileges on the affected system. The vulnerability has been assigned a CVSS Base Score of 8.8, indicating a high level of severity, with a CVSS vector string of CVSS:3.1.
The vulnerability affects Dell Power Manager versions prior to 3.16.0, highlighting the need for users to update their software to mitigate potential risks.
“Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and Elevation of privileges.” said Dell released notes.
Workarounds & Mitigations
There are currently no workarounds or mitigations available for this vulnerability. Dell Technologies strongly recommends updating to the remediated version to mitigate potential risks.
Affected Products :
Dell Technologies advises all customers to consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity of this security vulnerability.
#Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Dell Power Manager Vulnerability Allow Attackers Gain Unauthorized Access – Patch Now!
Author: Balaji NDell Technologies has identified a security vulnerability in Dell Power Manager (DPM), affecting versions 3.15.0 and prior.
This vulnerability, identified as CVE-2024-39576, involves an Incorrect Privilege Assignment that could allow a low-privileged attacker with local access to execute code and elevate their privileges.
Vulnerability Details
Lefteris Panos from LRQA Nettitude discovered this vulnerability, identified as CVE-2024-39576, in Dell Power Manager. This flaw is classified as an Incorrect Privilege Assignment vulnerability, which could be exploited by a low-privileged attacker with local access.
Successful exploitation of this vulnerability could result in code execution and elevation of privileges on the affected system. The vulnerability has been assigned a CVSS Base Score of 8.8, indicating a high level of severity, with a CVSS vector string of CVSS:3.1.
The vulnerability affects Dell Power Manager versions prior to 3.16.0, highlighting the need for users to update their software to mitigate potential risks.
“Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and Elevation of privileges.” said Dell released notes.
Workarounds & Mitigations
There are currently no workarounds or mitigations available for this vulnerability. Dell Technologies strongly recommends updating to the remediated version to mitigate potential risks.
Affected Products :
- Product : Dell Power Manager
- Software/Firmware : Versions prior to 3.16.0
- Remediated Versions : Dell Power Manager version 3.16.0 or later
Dell Technologies advises all customers to consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity of this security vulnerability.
#Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
