Dell Power Manager Vulnerability Allows Attackers to Gain Unauthorized Access


Dell Technologies has identified a security vulnerability in Dell Power Manager (DPM), affecting versions 3.15.0 and prior.

This vulnerability, identified as CVE-2024-39576, involves an Incorrect Privilege Assignment that could allow a low-privileged attacker with local access to execute code and elevate their privileges.


Vulnerability Details

Lefteris Panos from LRQA Nettitude discovered CVE-2024-39576 in Dell Power Manager. The flaw is classified as an Incorrect Privilege Assignment vulnerability, which could be exploited by a low-privileged attacker with local access.

Successful exploitation of this vulnerability could result in code execution and elevation of privileges on the affected system. The vulnerability has been assigned a CVSS Base Score of 8.8, indicating a high level of severity, with a CVSS vector string of CVSS:3.1.

The vulnerability affects Dell Power Manager versions prior to 3.16.0, highlighting the need for users to update their software to mitigate potential risks.

“Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and Elevation of privileges,” Dell said in its release notes.


Workarounds & Mitigations

There are currently no workarounds or mitigations available for this vulnerability. Dell Technologies strongly recommends updating to the remediated version to mitigate potential risks.

Affected Products:

  • Product: Dell Power Manager
  • Software/Firmware: Versions prior to 3.16.0
  • Remediated Versions: Dell Power Manager version 3.16.0 or later
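To find endpoints still below the remediated version, the following local audit compares the installed Dell Power Manager version against 3.16.0. It is an added example, not Dell's tooling, and it assumes the product registers an uninstall entry whose DisplayName begins with "Dell Power Manager"; the function and variable names are illustrative.

```powershell
# Added example: flag Dell Power Manager installs older than the remediated 3.16.0.
# Assumption: the uninstall entry's DisplayName starts with "Dell Power Manager".
$NamePattern = 'Dell Power Manager*'

function ConvertTo-NormalizedVersion([string]$Text) {
    $v = $null
    # Returns $null for empty or non-numeric strings so they are reported, not guessed.
    if (-not [version]::TryParse($Text, [ref]$v)) { return $null }
    # System.Version stores missing components as -1; treat them as 0 so that
    # "3.16" compares equal to "3.16.0" instead of sorting below it.
    [version]::new($v.Major, $v.Minor, [Math]::Max($v.Build, 0), [Math]::Max($v.Revision, 0))
}

$FixedVersion = ConvertTo-NormalizedVersion '3.16.0'   # remediated version per the advisory

# Check both the native and the 32-bit (WOW6432Node) uninstall hives.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        $installed = ConvertTo-NormalizedVersion $_.DisplayVersion
        $status = if ($null -eq $installed) { 'Unknown (check manually)' }
                  elseif ($installed -lt $FixedVersion) { 'VULNERABLE' }
                  else { 'Patched' }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = $status
        }
    }

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No uninstall entry matching '$NamePattern' on $env:COMPUTERNAME."
}
```

Parsing the version numerically matters here: a plain string comparison would rank "3.9.0" above "3.16.0" and report an affected build as patched.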

Dell Technologies advises all customers to consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity of this security vulnerability.



