Low Privilege Attack Could Lead to Code Execution and Elevated Privileges in Dell Power Manager

CVE-2024-39576

8.8HIGH

Key Information

Vendor: Dell
Status: Dell Power Manager (dpm)
Vendor: CVE Published:; 22 August 2024

Summary

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Affected Version(s)

Dell Power Manager (DPM) < 3.16.0

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 22, 2024
Vulnerability Reserved.
Jun 26, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dell would like to thank Lefteris Panos from LRQA Nettitude for reporting this issue