Low Privilege Attack Could Lead to Code Execution and Elevated Privileges in Dell Power Manager
CVE-2024-39576
8.8HIGH
Summary
Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Affected Version(s)
Dell Power Manager (DPM) < 3.16.0
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Dell would like to thank Lefteris Panos from LRQA Nettitude for reporting this issue