DSA-2024-074: Security Update for Dell EMC License Manager privilege elevation vulnerability
摘要: Dell EMC License Manager remediation is available for privilege elevation vulnerability that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Medium
詳細資料
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22456 | Dell EMC License Manager, 1.7.1, contains a privilege elevation vulnerability. An authenticated non-admin attacker could potentially exploit this vulnerability, leading to arbitrary code execution. Exploitation may lead to a complete system compromise. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22456 | Dell EMC License Manager, 1.7.1, contains a privilege elevation vulnerability. An authenticated non-admin attacker could potentially exploit this vulnerability, leading to arbitrary code execution. Exploitation may lead to a complete system compromise. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
受影響的產品與補救措施
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-22456 | Dell EMC License Manager | Versions prior to 1.7.2 | 1.7.2 and later | Dell EMC License Manager 1.7.2 |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2024-22456 | Dell EMC License Manager | Versions prior to 1.7.2 | 1.7.2 and later | Dell EMC License Manager 1.7.2 |
The vulnerability does not exist if Dell EMC License Manager is installed in the default location recommended by the installer. (C:\Program Files (x86)\Dell\SysMgt\LicenseManager)
因應措施與緩解措施
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2024-22456 | Install Dell EMC License Manager in the default location (C:\Program Files (x86)\Dell\SysMgt\LicenseManager) |
修訂歷史記錄
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-02-08 | Initial Release |
| 2.0 | 2024-05-22 | Updated to include external link icon with no other changes to content. |
感謝
Dell would like to thank Pwni for reporting this issue.
相關資訊
法律免責聲明
受影響的產品
Dell License Manager (DLM)文章屬性
文章編號: 000221947
文章類型: Dell Security Advisory
上次修改時間: 22 5月 2024
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。