CVE-2024-37130

Summary

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

Affected Software

VendorProductVersion RangeStatus
DellDell OpenManage Server AdministratorN/A < 11.0.1.1affected
DellDell OpenManage Server AdministratorN/A < 11.0.0.2affected
DellDell OpenManage Server AdministratorN/A < 10.3.0.1affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References