Dell OpenManage Integration with Microsoft Windows Admin Center Remote Code Execution Vulnerability (CVE-2024-24909)

DSA-2024-084: Dell OpenManage Integration with Microsoft Windows Admin Center Security Update Vulnerability Overview CVE ID: CVE-2024-24909 CVSS Base Score: 8.8 CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Description: A remote code execution vulnerability exists in the Gateway plugin of Dell OpenManage Integration with Microsoft Windows Admin Center. A remote authenticated user may exploit this vulnerability to escalate privileges. Malicious users may gain the ability to remotely execute arbitrary code. This is a high-severity vulnerability, and Dell recommends customers upgrade as soon as possible. Affected Products Affected Product: Dell OpenManage Integration with Microsoft Windows Admin Center Affected Versions: 3.1 and earlier Remediation Fixed Version: 3.2 Link: Dell OpenManage Integration with Microsoft Windows Admin Center (OMIMSWAC) v3.2.0 Additional Information Article ID: 000222075 Article Type: Dell Security Advisory Last Modified Date: February 14, 2024 Revision History: - Revision 1.0, Date 2024-02-14, Description: Initial release Related Links Dell Security Advisories and Notices Dell Vulnerability Response Policy CVSS Scoring Guide Legal Disclaimer This Dell Technologies security advisory is intended to be read and used to help avoid situations that may arise from the issues described herein. Dell Technologies distributes security advisories to bring important security information about affected products to the attention of users. Dell Technologies assesses risk based on an average risk assessment regarding the diversity of installed systems, which may not reflect the actual risk of your local installation and individual environment. All users are advised to determine the applicability of this information to their individual environment and take appropriate action. This information is provided "as is" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. Under no circumstances shall Dell Technologies, its affiliates, or suppliers be liable for any direct, indirect, incidental, consequential, commercial profit, or special damages arising out of the use of or inability to use the information contained herein or actions taken by you based on this decision, even if Dell Technologies, its affiliates, or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the above limitations may apply to you in accordance with the law. Affected Products OpenManage Integration with Microsoft Windows Admin Center OpenManage Integration with Microsoft Windows Admin Center, Product Security Information Provide Feedback Accuracy, usefulness, and ease of understanding rating Was it helpful? (Yes/No) Additional information (Optional)

Goal Reached Thanks to every supporter — we hit 100%!

Dell OpenManage Integration with Microsoft Windows Admin Center Remote Code Execution Vulnerability (CVE-2024-24909)