Low Privilege Attack Could Lead to Code Execution and Elevated Privileges in Dell Power Manager

CVE-2024-39576
8.8HIGH

Key Information

Vendor
Dell
Status
Dell Power Manager (dpm)
Vendor
CVE Published:
22 August 2024

Summary

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Affected Version(s)

Dell Power Manager (DPM) < 3.16.0

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Dell would like to thank Lefteris Panos from LRQA Nettitude for reporting this issue
.