Lucene search

DellCVE-2024-39576

HistoryAug 22, 2024 - 3:15 a.m.

CVE-2024-39576

2024-08-2203:15:03

CWE-266

dell

web.nvd.nist.gov

dell power manager

privilege assignment

vulnerability

code execution

elevation

privileges

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.5%

JSON

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Affected configurations

Vulners

Vulnrichment

Node

dellpower_managerRange≤3.16.0

VendorProductVersionCPE
dellpower_manager*cpe:2.3:a:dell:power_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	power_manager	*	cpe:2.3:a:dell:power_manager::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Power Manager (DPM)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.16.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000227010/dsa-2024-323

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-39576