Dell Technologies has issued security advisory DSA-2024-439 for a critical vulnerability in its Dell Power Manager software. The flaw, tracked as CVE-2024-49600, could allow an attacker to execute arbitrary code and gain elevated privileges on affected systems, so users are strongly advised to update immediately to reduce the associated risk.
Rated as High Impact with a CVSS Base Score of 7.8, the vulnerability stems from improper access control in the software and can be exploited by a low-privileged attacker with local access to the system. Successful exploitation could lead to code execution and escalation of privileges.
According to Dell, the improper access control affects Dell Power Manager versions released before 3.17. Because it lets a low-privileged local user run malicious code and elevate privileges, it can compromise the confidentiality, integrity, and availability of an affected system. Dell strongly recommends that all users update to version 3.17 or later.
Dell also cautions users to weigh the temporal and environmental CVSS metrics for their own environment alongside the base score, since those conditions can raise the effective severity of the vulnerability. The affected products are Dell Power Manager versions released before 3.17. Dell has released the fix in version 3.17, and users are urged to update to that version or later to protect their systems.
No official workarounds or mitigations are currently available for this vulnerability, so Dell advises users to upgrade to the remediated version (3.17) as soon as possible. Dell Technologies thanked TsungShu Chiu (CHT Security) for identifying and responsibly reporting CVE-2024-49600.
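Since the only remedy is the 3.17 update, the practical task for a defender is finding every install that predates it. The following is an added example, not part of the Dell advisory or any Dell tooling: it compares installed version strings numerically against the 3.17 threshold (a plain string comparison would wrongly rank "3.9" above "3.17") over a constructed inventory; the hostnames, version strings, and inventory shape are assumptions.

```python
"""Flag hosts whose Dell Power Manager install predates the fixed release (3.17)."""
import re

FIXED_VERSION = "3.17"  # remediated version named in DSA-2024-439


def parse_version(text):
    """Turn '3.17.0.1234' (or '3.9-beta') into a tuple of ints for numeric comparison.
    Trailing non-numeric pieces are dropped; an entirely unparseable string is an error."""
    parts = []
    for piece in re.split(r"[.\-+]", text.strip()):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_affected(version_text):
    """True when the installed version is older than FIXED_VERSION.
    Both tuples are zero-padded so '3.17' and '3.17.0.1201' compare as equal."""
    installed = parse_version(version_text)
    fixed = parse_version(FIXED_VERSION)
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return installed < fixed


def find_affected(inventory):
    """inventory: iterable of (hostname, product_name, version) records, as an
    inventory tool would collect from each host. Returns hostnames needing the update."""
    return sorted(host for host, product, version in inventory
                  if product.lower().startswith("dell power manager")
                  and is_affected(version))


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = [
    ("lt-001", "Dell Power Manager", "3.16.0.1185"),
    ("lt-002", "Dell Power Manager", "3.17.0.1201"),
    ("lt-003", "Dell Power Manager", "3.9"),  # string compare would wrongly pass this
    ("lt-004", "Dell Power Manager", "3.17"),
    ("lt-005", "Dell Command | Update", "5.1.0"),  # different product, ignored
]

if __name__ == "__main__":
    for host in find_affected(SAMPLE_INVENTORY):
        print(host, "needs Dell Power Manager 3.17 or later")
```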
In conclusion, users of Dell Power Manager should update to version 3.17 or later without delay to close off the risk posed by CVE-2024-49600. By following Dell’s recommendations and staying vigilant, users can reduce their exposure to this and similar threats.
