EXECUTIVE SUMMARY:
A critical vulnerability in Dell Power Manager (DPM) has been discovered, allowing attackers with local access and low privileges to execute malicious code and escalate privileges. This flaw, identified as CVE-2024-49600, affects versions prior to 3.17 of Dell Power Manager and can lead to full system compromise. The issue is due to improper access control, enabling attackers to bypass restrictions and access sensitive system functions.
Upgrading to the latest software release is crucial to mitigate the risks associated with this critical vulnerability. Additionally, implementing strong security measures and limiting local access can help reduce potential exposure.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/dell-power-manager-code-execution-vulnerability/