Improper Access Control Vulnerability in Dell Power Manager
CVE-2023-32450

6.1MEDIUM

Key Information:

Vendor: Dell
Status: Dell Power Manager (dpm)
Vendor: CVE Published:; 27 July 2023

Summary

Dell Power Manager versions 3.3 to 3.14 contain an improper access control vulnerability that allows a low-privileged malicious user to potentially exploit the system, leading to arbitrary code execution. This can occur due to insufficient restrictions placed on user access, making it essential for users to apply the latest security updates to mitigate any risks associated with this vulnerability.

Affected Version(s)

Dell Power Manager (DPM) Versions 3.3 to 3.14

References

https://www.dell.com/support/kbdoc/en-us/000215215/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 27, 2023
Vulnerability Reserved
May 9, 2023