Article Number: 000206609
High
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34396 | Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2023-43079 | Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34396 | Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2023-43079 | Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link To Update |
| CVE-2022-34396 ,CVE-2023-43079 | Dell OpenManage Server Administrator Managed Node for Windows | 10.3.0.0 and prior | 10.3.0.0, A00 | Dell OpenManage Server Administrator Managed Node for Windows, v10.3.0.0 |
| CVE-2022-34396,CVE-2023-43079 | Dell Systems Management Tools and Documentation DVD ISO | 10.3.0.0 and prior | 10.3.0.0, A00 | Dell Systems Management Tools and Documentation DVD ISO, v10.3.0.0 |
| CVE-2022-34396,CVE-2023-43079 | Dell Systems Management Tools and Documentation DVD ISO For Windows | 10.3.0.0 and prior | 10.3.0.0, A00 | Dell Systems Management Tools and Documentation DVD ISO For Windows, v10.3.0.0 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link To Update |
| CVE-2022-34396 ,CVE-2023-43079 | Dell OpenManage Server Administrator Managed Node for Windows | 10.3.0.0 and prior | 10.3.0.0, A00 | Dell OpenManage Server Administrator Managed Node for Windows, v10.3.0.0 |
| CVE-2022-34396,CVE-2023-43079 | Dell Systems Management Tools and Documentation DVD ISO | 10.3.0.0 and prior | 10.3.0.0, A00 | Dell Systems Management Tools and Documentation DVD ISO, v10.3.0.0 |
| CVE-2022-34396,CVE-2023-43079 | Dell Systems Management Tools and Documentation DVD ISO For Windows | 10.3.0.0 and prior | 10.3.0.0, A00 | Dell Systems Management Tools and Documentation DVD ISO For Windows, v10.3.0.0 |
Dell Technologies would like to thank Marius Gabriel Mihai for reporting this issue.
| Revision | Date | Description |
| 1.0 | 2022-12-19 | Initial Release |
| 2.0 | 2023-10-05 | Major Revision: Updated Remediation |
| 3.0 | 2023-10-12 | Major Revision: new CVE added to better reflect the above updated remediation |
12 Oct 2023
3
Dell Security Advisory