Code Injection Vulnerability Affects Dell OpenManage Enterprise
CVE-2024-45766

8.8HIGH

Key Information:

Vendor: Dell
Status: Dell Openmanage Enterprise
Vendor: CVE Published:; 17 October 2024

Summary

Dell OpenManage Enterprise, specifically version OME 4.1 and earlier, exhibits a vulnerability that permits improper control over code generation, identifiable as a code injection flaw. This weakness could be exploited by low privileged remote attackers, enabling them to execute arbitrary code that may compromise system security. Addressing this vulnerability promptly is crucial for maintaining the integrity and security of the affected systems.

Affected Version(s)

Dell OpenManage Enterprise < 4.2.0

References

https://www.dell.com/support/kbdoc/en-us/000237300/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Sep 6, 2024

Credit

Dell would like to thank B4gpipe for reporting these issues.