Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000225914


DSA-2024-264: Dell OpenManage Server Administrator (OMSA) Security Update for Local Privilege Escalation via XSL Hijacking Vulnerability

Summary: Dell OpenManage Server Administrator (OMSA) remediation is available for Local Privilege Escalation via XSL Hijacking Vulnerability that could be exploited by malicious users to compromise the affected system. ...

Article Content


Impact

High

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-37130 Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2024-37130 Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Versions Remediated Versions Link
Dell OpenManage Server Administrator Managed Node for Windows Versions prior to 11.0.1.1 11.0.1.1
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=NC2JJ

 
Dell OpenManage Server Administrator Managed Node for Windows Versions prior to 11.0.0.2 11.0.0.2
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=KRRM7

 
Dell OpenManage Server Administrator Managed Node for Windows Versions prior to 10.3.0.1 10.3.0.1
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=GW01Y

 
Product Affected Versions Remediated Versions Link
Dell OpenManage Server Administrator Managed Node for Windows Versions prior to 11.0.1.1 11.0.1.1
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=NC2JJ

 
Dell OpenManage Server Administrator Managed Node for Windows Versions prior to 11.0.0.2 11.0.0.2
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=KRRM7

 
Dell OpenManage Server Administrator Managed Node for Windows Versions prior to 10.3.0.1 10.3.0.1
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=GW01Y

 

Revision History

RevisionDateDescription
1.02024-06-10Initial release

Related Information


Article Properties


Affected Product

OpenManage Server Administrator

Last Published Date

10 Jun 2024

Article Type

Dell Security Advisory