Dell Technologies has identified a security vulnerability in Dell Power Manager (DPM) versions 3.15.0 and older. The vulnerability, tracked as CVE-2024-39576, allows a low-privileged attacker with local access to execute code and gain higher privileges.
Vulnerability Details:
Lefteris Panos from LRQA Nettitude found the vulnerability in Dell Power Manager, which is tracked as CVE-2024-39576. It is classified as an Incorrect Privilege Assignment vulnerability and can be exploited by an attacker with low privileges and local access.
This vulnerability could allow attackers to run code and gain higher system privileges. It has a high severity score of 8.8 out of 10.
Users need to update their Dell Power Manager software to version 3.16.0 or later to reduce the risk posed by this vulnerability.
“Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and Elevation of privileges,” Dell said in its release notes.
Affected Products:
Product: Dell Power Manager
Software/Firmware: Versions prior to 3.16.0
Remediated Versions: Dell Power Manager version 3.16.0 or later
Dell Technologies advises all customers to consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity of this security vulnerability.