Threat Advisory

Dell Power Manager Flaw Allows Attackers to Execute Malicious Code

Threat: Vulnerability
Criticality: High

EXECUTIVE SUMMARY:

A high-severity vulnerability in Dell Power Manager (DPM) allows an attacker who already has local access and low privileges to execute arbitrary code and escalate privileges. The flaw, tracked as CVE-2024-49600, affects Dell Power Manager versions prior to 3.17 and can lead to full compromise of the affected system. The root cause is improper access control, which lets a low-privileged local user reach functionality that should be restricted.

  • CVE-2024-49600: Improper access control in Dell Power Manager versions prior to 3.17 allows a local attacker with low privileges to execute arbitrary code and escalate privileges, potentially leading to full system compromise. The vulnerability carries a CVSS base score of 7.8 (High), with high impact on confidentiality, integrity, and availability.

Upgrading to a fixed release is the primary mitigation. Until the update is deployed, restricting who can log on locally to affected systems and keeping everyday accounts at standard-user privilege reduces exposure, since exploitation requires an attacker to already have local access.

RECOMMENDATION:

  • We strongly recommend you update Dell Power Manager to version 3.17 or later.
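
The following inventory check is an added example for this advisory; it is not code from Dell or from the referenced report. It flags Dell Power Manager installs on a Windows host whose version is below 3.17 by comparing versions as System.Version rather than as strings (a plain string compare would wrongly rank "3.9" above "3.17"). It assumes the classic installer registers under the standard Uninstall registry keys with a DisplayName beginning "Dell Power Manager", and that a Store-delivered install appears as an Appx package whose Name matches the pattern "*PowerManager*" with a Dell publisher; both patterns are assumptions to verify on a known host before rolling the script out.

```powershell
# Added example, not from the advisory or from Dell. Inventory check for
# CVE-2024-49600: report Dell Power Manager installs below the fixed 3.17 release.
# Assumptions: the MSI/EXE install registers under the standard Uninstall keys with
# a DisplayName beginning "Dell Power Manager"; a Store-delivered install is an Appx
# package whose Name matches "*PowerManager*" (pattern assumed, verify on a host).
# Run in Windows PowerShell 5.1 as an administrator so Get-AppxPackage -AllUsers works.

$FixedVersion = [version]'3.17'

function Test-DpmVulnerable {
    param([string]$DisplayVersion)
    # Compare as System.Version, not as strings: "3.9" must sort below "3.17".
    $parsed = $null
    if ([string]::IsNullOrWhiteSpace($DisplayVersion) -or
        -not [version]::TryParse($DisplayVersion.Trim(), [ref]$parsed)) {
        # No usable version string: flag for manual review rather than assume patched.
        return $true
    }
    return ($parsed -lt $FixedVersion)
}

function Get-DpmInstalls {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    # Classic installer entries.
    $classic = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Dell Power Manager*' } |
        ForEach-Object {
            [pscustomobject]@{
                Source     = 'Uninstall key'
                Name       = $_.DisplayName
                Version    = $_.DisplayVersion
                Vulnerable = Test-DpmVulnerable -DisplayVersion $_.DisplayVersion
            }
        }

    # Microsoft Store (Appx) installs, across every user profile on the host.
    $store = Get-AppxPackage -AllUsers -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like '*PowerManager*' -and $_.Publisher -like '*Dell*' } |
        ForEach-Object {
            [pscustomobject]@{
                Source     = 'Appx'
                Name       = $_.Name
                Version    = $_.Version.ToString()
                Vulnerable = Test-DpmVulnerable -DisplayVersion $_.Version.ToString()
            }
        }

    return @($classic) + @($store)
}

$installs = Get-DpmInstalls
if (-not $installs) {
    Write-Output 'Dell Power Manager not found on this host.'
} else {
    $installs | Format-Table -AutoSize | Out-Host
    # Non-zero exit lets a fleet tool (Intune, SCCM, an RMM) mark the host non-compliant.
    if ($installs.Vulnerable -contains $true) { exit 1 }
}
```

An unparseable or empty version string is reported as vulnerable on purpose: on a compliance check, a host whose state cannot be determined should be reviewed rather than silently counted as patched.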

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/dell-power-manager-code-execution-vulnerability/
