A critical security vulnerability has been discovered in Dell Power Manager (DPM), a widely used application for managing power settings on Dell systems.
The flaw, identified as CVE-2024-49600, allows attackers with low privileges and local access to execute malicious code and escalate their privileges, posing a significant security risk to affected systems.
The vulnerability stems from improper access control in Dell Power Manager versions prior to 3.17.
A local attacker who already holds a low-privileged account could abuse the flaw to run arbitrary code with elevated privileges, which in practice means full compromise of the affected host.
The vulnerability has been assigned a CVSS Base Score of 7.8, indicating a high severity level.
The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Read metric by metric: the attacker needs local access (AV:L) and an existing low-privileged account (PR:L), but the attack is low in complexity (AC:L), needs no user interaction (UI:N), and stays within the same security scope (S:U). The impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H).
The following table summarizes the affected and remediated versions:
| Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date |
|---|---|---|---|---|
| Dell Power Manager | Software | Versions prior to 3.17 | Version 3.17 or later | December 5, 2024 |
Dell Technologies has released version 3.17 of Dell Power Manager to address this issue. Users are strongly advised to update their software immediately to mitigate potential risks.
Unfortunately, no workarounds or mitigations are available for this vulnerability. The only recommended course of action is upgrading to the latest version of Dell Power Manager.
Until the update is deployed, organizations should limit who can log on locally to affected machines, since the flaw is only reachable by a user who already has a local, low-privileged account, and should keep endpoint security controls in place to catch post-exploitation activity.
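Since the only fix is the 3.17 upgrade, the first practical step is finding which endpoints still run an older build. The PowerShell below, added here as an example and not part of Dell's advisory or tooling, inventories Dell Power Manager on the local machine and flags anything below 3.17. It assumes the Win32 installer registers an Uninstall key whose DisplayName contains "Dell Power Manager" and that the Store-delivered build uses a package name beginning with "DellInc.DellPowerManager"; both are assumptions to confirm against a known-good host before rolling the check out fleet-wide.

```powershell
# Added example: local inventory check for CVE-2024-49600 (Dell Power Manager < 3.17).
# Assumptions (not from the advisory): the Win32 install registers an Uninstall
# key whose DisplayName contains "Dell Power Manager", and the Store-delivered
# build has a package name starting with "DellInc.DellPowerManager".
$FixedVersion = [version]'3.17'

function Get-DellPowerManagerInstalls {
    # Win32 installs: both native and WOW6432Node uninstall hives
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Dell Power Manager*' } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Win32'
                Name    = $_.DisplayName
                Version = [string]$_.DisplayVersion
            }
        }

    # Store/Appx-delivered build (assumed package name prefix); -AllUsers needs admin
    Get-AppxPackage -AllUsers -Name 'DellInc.DellPowerManager*' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Appx'
                Name    = $_.Name
                Version = [string]$_.Version
            }
        }
}

function Test-DpmVulnerable {
    param([string]$Version)
    $parsed = $null
    # A missing or unparseable version is reported as vulnerable so it gets a
    # human look instead of being silently marked clean.
    if ([string]::IsNullOrWhiteSpace($Version) -or
        -not [version]::TryParse($Version, [ref]$parsed)) {
        return $true
    }
    # [version]'3.17' (build = -1) sorts below '3.17.0', so a 3.17.x install
    # is correctly treated as remediated.
    return $parsed -lt $FixedVersion
}

$installs = @(Get-DellPowerManagerInstalls)
if ($installs.Count -eq 0) {
    Write-Output ("{0}: Dell Power Manager not found" -f $env:COMPUTERNAME)
} else {
    foreach ($install in $installs) {
        $state = if (Test-DpmVulnerable -Version $install.Version) { 'VULNERABLE (< 3.17)' } else { 'remediated' }
        Write-Output ("{0}: {1} {2} [{3}] - {4}" -f $env:COMPUTERNAME, $install.Name, $install.Version, $install.Source, $state)
    }
}
```

Run it elevated so the Appx query sees every user profile, or push it through your endpoint management tool and collect the output lines centrally; the same version comparison can be applied to an existing software inventory export if you already have one.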
Dell Technologies has credited TsungShu Chiu from CHT Security for identifying and responsibly disclosing this vulnerability.
Dell urges all users to assess the CVSS base score alongside any relevant temporal or environmental factors that could influence the severity of this vulnerability in their specific context.
Organizations should prioritize patching affected systems to prevent exploitation.
For more information or assistance with updating your system, refer to Dell’s official support channels.
This vulnerability underscores the importance of maintaining up-to-date software and implementing proactive security measures to protect against emerging threats.