Dell Technologies has issued a security advisory, DSA-2024-439, to alert users of a critical vulnerability in its Dell Power Manager software.
The vulnerability, identified as CVE-2024-49600, could allow malicious attackers to execute arbitrary code and gain elevated privileges on the affected systems. Users are urged to update immediately to mitigate potential risks.
The vulnerability has been rated as High Impact, with a CVSS Base Score of 7.8. It stems from improper access control within the software, enabling a low-privileged malicious actor with local access to exploit the system.
If exploited, it could lead to significant consequences, including code execution and escalation of privileges.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Dell Technologies has disclosed a critical security vulnerability in its Power Manager software, identified as CVE-2024-49600. This vulnerability arises from improper access control in versions before 3.17.
It allows a low-privileged user with local access to execute malicious code and elevate privileges on the affected system.
With a CVSS Base Score of 7.8, the flaw poses a significant risk to affected systems, potentially compromising confidentiality, integrity, and availability.
Dell strongly recommends all users update to version 3.17 or later to mitigate this serious vulnerability.
Dell advises users to evaluate both the base CVSS score and related temporal or environmental conditions that may increase the severity of this vulnerability.
Affected Products & Remediation
The vulnerability affects versions of Dell Power Manager released before 3.17. Dell has released a security update in version 3.17 to address the issue. Users are strongly encouraged to update to this version or later.
| Product | Software/Firmware | Affected Versions |
| Dell Power Manager | Software | Versions prior to 3.17 |
No official workarounds or mitigations are available. Dell recommends upgrading to the remediated version (3.17) immediately to secure your systems.
Dell Technologies extends its gratitude to TsungShu Chiu (CHT Security) for identifying and responsibly reporting CVE-2024-49600.
Investigate Real-World Malicious Links,Malware & Phishing Attacks With ANY.RUN - Try for Free
The GitVenom campaign, a sophisticated cyber threat, has been exploiting GitHub repositories to spread malware…
In a recent escalation of cyber threats, hackers have launched a targeted campaign, identified as…
A recent cybersecurity investigation has uncovered a cluster of 16 malicious Chrome extensions that have…
A significant vulnerability has been discovered in the Sliver C2 server, a popular open-source cross-platform…
A significant breakthrough in bypassing Windows activation has been achieved with the introduction of TSforge,…
The AhnLab Security Intelligence Center (ASEC) has uncovered a new cyberattack campaign leveraging the LummaC2…