A critical security vulnerability has been discovered in Dell Power Manager (DPM), a widely used application for managing power settings on Dell systems.
The flaw, identified as CVE-2024-49600, allows attackers with low privileges and local access to execute malicious code and escalate their privileges, posing a significant security risk to affected systems.
Details Of The Vulnerability
The vulnerability stems from improper access control in Dell Power Manager versions prior to 3.17.
Exploiting this flaw could enable attackers to bypass restrictions and gain unauthorized access to sensitive system functions. Once exploited, the attacker could execute arbitrary code, potentially leading to full system compromise.
The vulnerability has been assigned a CVSS Base Score of 7.8, indicating a high severity level.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which highlights that the attack requires local access but has low complexity and does not require user interaction. The impact includes high confidentiality, integrity, and availability risks.
The following table summarizes the affected and remediated versions:
| Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date |
|---|---|---|---|---|
| Dell Power Manager | Software | Versions prior to 3.17 | Version 3.17 or later | December 5, 2024 |
Dell Technologies has released version 3.17 of Dell Power Manager to address this issue. Users are strongly advised to update their software immediately to mitigate potential risks.
Workarounds And Mitigations
Unfortunately, no workarounds or mitigations are available for this vulnerability. The only recommended course of action is upgrading to the latest version of Dell Power Manager.
Users should also ensure that their systems are protected by implementing robust endpoint security measures and restricting local access where possible.
Acknowledgments
Dell Technologies has credited TsungShu Chiu from CHT Security for identifying and responsibly disclosing this vulnerability.
Dell urges all users to assess the CVSS base score alongside any relevant temporal or environmental factors that could influence the severity of this vulnerability in their specific context.
Organizations should prioritize patching affected systems to prevent exploitation.
For more information or assistance with updating your system, refer to Dell’s official support channels.
This vulnerability underscores the importance of maintaining up-to-date software and implementing proactive security measures to protect against emerging threats.
Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses