DSA-2023-367: Dell OpenManage Server Administrator (OMSA) Security Update for Multiple Vulnerabilities.

Summary: Dell OpenManage Server Administrator (OMSA) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2023-43079This hyperlink is taking you to a website outside of Dell Technologies. Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system.Exploitation may lead to a complete system compromise. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2023-43079This hyperlink is taking you to a website outside of Dell Technologies. Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system.Exploitation may lead to a complete system compromise. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

 
CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-43079 Dell Open Manage Server Administrator Managed Node for Windows 11.0.0.0 and prior 11.0.0.0,A01 Dell OpenManage Server Administrator Managed Node for Windows, v11.0.0.0
CVE-2023-43079 Dell Systems Management Tools and Documentation DVD ISO 11.0.0.0 and prior 11.0.0.0,A01 Dell Systems Management Tools and Documentation DVD ISO, v11.0.0.0
CVE-2023-43079 Dell Systems Management Tools and Documentation DVD ISO For Windows 11.0.0.0 and prior 11.0.0.0,A01 Dell Systems Management Tools and Documentation DVD ISO For Windows, v11.0.0.0
CVE-2023-43079 Dell Open Manage Server Administrator Managed Node for Windows 11.0.1.0 and prior 11.0.1.0,A00 Dell OpenManage Server Administrator Managed Node for Windows, v11.0.1.0
CVE-2023-43079 Dell Systems Management Tools and Documentation DVD ISO 11.0.1.0 and prior 11.0.1.0,A00 Dell Systems Management Tools and Documentation DVD ISO, v11.0.1.0
CVE-2023-43079 Dell Systems Management Tools and Documentation DVD ISO For Windows 11.0.1.0 and prior 11.0.1.0,A00 Dell Systems Management Tools and Documentation DVD ISO For Windows, v11.0.1.0

 
CVEs Addressed Product Affected Versions Remediated Versions Link
CVE-2023-43079 Dell Open Manage Server Administrator Managed Node for Windows 11.0.0.0 and prior 11.0.0.0,A01 Dell OpenManage Server Administrator Managed Node for Windows, v11.0.0.0
CVE-2023-43079 Dell Systems Management Tools and Documentation DVD ISO 11.0.0.0 and prior 11.0.0.0,A01 Dell Systems Management Tools and Documentation DVD ISO, v11.0.0.0
CVE-2023-43079 Dell Systems Management Tools and Documentation DVD ISO For Windows 11.0.0.0 and prior 11.0.0.0,A01 Dell Systems Management Tools and Documentation DVD ISO For Windows, v11.0.0.0
CVE-2023-43079 Dell Open Manage Server Administrator Managed Node for Windows 11.0.1.0 and prior 11.0.1.0,A00 Dell OpenManage Server Administrator Managed Node for Windows, v11.0.1.0
CVE-2023-43079 Dell Systems Management Tools and Documentation DVD ISO 11.0.1.0 and prior 11.0.1.0,A00 Dell Systems Management Tools and Documentation DVD ISO, v11.0.1.0
CVE-2023-43079 Dell Systems Management Tools and Documentation DVD ISO For Windows 11.0.1.0 and prior 11.0.1.0,A00 Dell Systems Management Tools and Documentation DVD ISO For Windows, v11.0.1.0

Workarounds & Mitigations

None

Revision History

RevisionDateDescription
1.02023-03-10Initial Release
2.0 2023-13-10Corrected URL in the CVSS Vector String and removed extra whitespace in the CVE description.
3.0 2023-13-10Enhanced for presentation with no changes to content
4.02024-05-31Updated the Remediated Versions from 11.0.1.0,A01 to 11.0.1.0,A00 for the Affected Version 11.0.1.0 and prior.  

Acknowledgements

Dell Technologies would like to thank Gee-netics for reporting this issue.
 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

OpenManage Server Administrator, Dell OpenManage Server Administrator Version 8.4, Dell OpenManage Server Administrator Version 8.5, Dell OpenManage Server Administrator Version 9.0.1, Dell OpenManage Server Administrator Version 9.0.2 , Dell OpenManage Server Administrator Version 9.1, Dell OpenManage Server Administrator Version 8.3, Dell OpenManage Server Administrator Managed Node for Dell Fluid Cache for DAS, Dell OpenManage Server Administrator Version 2.3, Dell OpenManage Server Administrator Version 5.0, Dell OpenManage Server Administrator Version 5.1, Dell OpenManage Server Administrator Version 5.2, Dell OpenManage Server Administrator Version 5.3, Dell OpenManage Server Administrator Version 5.4, Dell OpenManage Server Administrator Version 5.5, Dell OpenManage Server Administrator Version 6.0.1, Dell OpenManage Server Administrator Version 6.0.3, Dell OpenManage Server Administrator Version 6.1, Dell OpenManage Server Administrator Version 6.1.1, Dell OpenManage Server Administrator Version 6.2, Dell OpenManage Server Administrator Version 6.3, Dell OpenManage Server Administrator Version 6.4, Dell OpenManage Server Administrator Version 6.5, Dell OpenManage Server Administrator Version 6.5 A02, Dell OpenManage Server Administrator Version 7.0, Dell OpenManage Server Administrator Version 7.1, Dell OpenManage Server Administrator Version 7.2, Dell OpenManage Server Administrator Version 7.3, Dell OpenManage Server Administrator Version 7.4, Dell OpenManage Server Administrator Version 8.0.1, Dell OpenManage Server Administrator Version 8.0.2, Dell OpenManage Server Administrator Version 8.1, Dell OpenManage Server Administrator Version 8.2, Dell OpenManage Server Administrator Version 9.1.1, Dell OpenManage Server Administrator Version 10.0.1, Dell OpenManage Server Administrator Version 10.1.0.0, Dell OpenManage Server Administrator Version 10.2.0.0, Dell OpenManage Server Administrator Version 9.1.2, Dell OpenManage Server Administrator Version 9.2, Dell OpenManage Server Administrator Version 9.2.1, Dell OpenManage Server Administrator Version 9.3, Dell OpenManage Server Administrator Version 9.3.1, Dell OpenManage Server Administrator Version 9.3.2, Dell OpenManage Server Administrator Version 9.4, Dell OpenManage Server Administrator Version 9.5 ...
Article Properties
Article Number: 000218469
Article Type: Dell Security Advisory
Last Modified: 31 May 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.