DSA-2024-074: Security Update for Dell EMC License Manager privilege elevation vulnerability
요약: Dell EMC License Manager remediation is available for privilege elevation vulnerability that could be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Medium
세부 정보
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22456 | Dell EMC License Manager, 1.7.1, contains a privilege elevation vulnerability. An authenticated non-admin attacker could potentially exploit this vulnerability, leading to arbitrary code execution. Exploitation may lead to a complete system compromise. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22456 | Dell EMC License Manager, 1.7.1, contains a privilege elevation vulnerability. An authenticated non-admin attacker could potentially exploit this vulnerability, leading to arbitrary code execution. Exploitation may lead to a complete system compromise. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
영향을 받는 제품 및 문제 해결
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-22456 | Dell EMC License Manager | Versions prior to 1.7.2 | 1.7.2 and later | Dell EMC License Manager 1.7.2 |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-22456 | Dell EMC License Manager | Versions prior to 1.7.2 | 1.7.2 and later | Dell EMC License Manager 1.7.2 |
The vulnerability does not exist if Dell EMC License Manager is installed in the default location recommended by the installer. (C:\Program Files (x86)\Dell\SysMgt\LicenseManager)
해결 방법 및 완화 방안
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2024-22456 | Install Dell EMC License Manager in the default location (C:\Program Files (x86)\Dell\SysMgt\LicenseManager) |
개정 내역
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-02-08 | Initial Release |
| 2.0 | 2024-05-22 | Updated to include external link icon with no other changes to content. |
감사의 말
Dell would like to thank Pwni for reporting this issue.
관련 정보
법적 고지 사항
해당 제품
Dell License Manager (DLM)문서 속성
문서 번호: 000221947
문서 유형: Dell Security Advisory
마지막 수정 시간: 22 5월 2024
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.