Dell Warns of Critical Code Execution Vulnerability in Power Manager

Dell Technologies has issued a security advisory, DSA-2024-439, to alert users of a critical vulnerability in its Dell Power Manager software.

The vulnerability, identified as CVE-2024-49600, could allow malicious attackers to execute arbitrary code and gain elevated privileges on the affected systems. Users are urged to update immediately to mitigate potential risks.

The vulnerability has been rated as High Impact, with a CVSS Base Score of 7.8. It stems from improper access control within the software, enabling a low-privileged malicious actor with local access to exploit the system.

If exploited, it could lead to significant consequences, including code execution and escalation of privileges.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

CVE-2024-49600 – Vulnerability Details

Dell Technologies has disclosed a critical security vulnerability in its Power Manager software, identified as CVE-2024-49600. This vulnerability arises from improper access control in versions before 3.17.

It allows a low-privileged user with local access to execute malicious code and elevate privileges on the affected system.

With a CVSS Base Score of 7.8, the flaw poses a significant risk to affected systems, potentially compromising confidentiality, integrity, and availability.

Dell strongly recommends all users update to version 3.17 or later to mitigate this serious vulnerability.

Dell advises users to evaluate both the base CVSS score and related temporal or environmental conditions that may increase the severity of this vulnerability.

Affected Products & Remediation

The vulnerability affects versions of Dell Power Manager released before 3.17. Dell has released a security update in version 3.17 to address the issue. Users are strongly encouraged to update to this version or later.

Product	Software/Firmware	Affected Versions
Dell Power Manager	Software	Versions prior to 3.17

No official workarounds or mitigations are available. Dell recommends upgrading to the remediated version (3.17) immediately to secure your systems.

Dell Technologies extends its gratitude to TsungShu Chiu (CHT Security) for identifying and responsibly reporting CVE-2024-49600. 

Investigate Real-World Malicious Links,Malware & Phishing Attacks With ANY.RUN - Try for Free