DLL Injection Vulnerability in Dell OpenManage Server Administrator
CVE-2022-34396

7HIGH

Key Information:

Vendor: Dell
Status: Openmanage Server Administrator (omsa)
Vendor: CVE Published:; 1 February 2023

What is CVE-2022-34396?

The vulnerability in Dell OpenManage Server Administrator versions up to 10.3.0.0 allows local low-privileged authenticated attackers to perform DLL injection. This may enable the execution of arbitrary code with elevated privileges, potentially compromising the entire system. Users are advised to apply the necessary security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

OpenManage Server Administrator (OMSA) 0 <= 10.3.0.0

References

https://www.dell.com/support/kbdoc/en-us/000206609/dsa-20...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Jun 23, 2022