Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-34396: DSA-2022-321: Dell OpenManage Server Administrator Security Update for DLL Injection Vulnerability

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

CVE
Open in Source
#vulnerability#windows#auth#dell

Artikkelin numero: 000206609

DSA-2022-321: Dell OpenManage Server Administrator Security Update for DLL Injection Vulnerability****Yhteenveto: Dell OpenManage Server Administrator (OMSA) remediation is available for DLL Injection Vulnerability that may be exploited by malicious users to compromise the affected system.

Artikkelin sisältö

Vaikutus

High

Tiedot

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2022-34396

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

7.0

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2022-34396

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

7.0

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen

CVEs Addressed

Product

Affected Versions

Updated Versions

Link To Update

CVE-2022-34396

Dell OpenManage Server Administrator (OMSA)

Version 10.3.0.0 and earlier

Dell OpenManage Server Administrator hotfix 246014 for Windows

https://www.dell.com/support/home/drivers/driversdetails?driverid=VR638

CVEs Addressed

Product

Affected Versions

Updated Versions

Link To Update

CVE-2022-34396

Dell OpenManage Server Administrator (OMSA)

Version 10.3.0.0 and earlier

Dell OpenManage Server Administrator hotfix 246014 for Windows

https://www.dell.com/support/home/drivers/driversdetails?driverid=VR638

Kiitokset

Dell Technologies would like to thank Marius Gabriel Mihai for reporting this issue.

Versiohistoria

Revision

Date

Description

1.0

2022-12-19

Initial Release

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Artikkelin ominaisuudet

Tuote, johon asia vaikuttaa

Dell OpenManage Server Administrator Version 8.4, Dell OpenManage Server Administrator Version 8.5, Dell OpenManage Server Administrator Version 9.0.1, Dell OpenManage Server Administrator Version 9.0.2 , Dell OpenManage Server Administrator Version 9.1, Dell OpenManage Server Administrator Version 8.3, Dell OpenManage Server Administrator Version 2.3, Dell OpenManage Server Administrator Version 5.0, Dell OpenManage Server Administrator Version 5.1, Dell OpenManage Server Administrator Version 5.2, Dell OpenManage Server Administrator Version 5.3, Dell OpenManage Server Administrator Version 5.4, Dell OpenManage Server Administrator Version 5.5, Dell OpenManage Server Administrator Version 6.0.1, Dell OpenManage Server Administrator Version 6.0.3, Dell OpenManage Server Administrator Version 6.1, Dell OpenManage Server Administrator Version 6.1.1, Dell OpenManage Server Administrator Version 6.2, Dell OpenManage Server Administrator Version 6.3, Dell OpenManage Server Administrator Version 6.4, Dell OpenManage Server Administrator Version 6.5, Dell OpenManage Server Administrator Version 6.5 A02, Dell OpenManage Server Administrator Version 7.0, Dell OpenManage Server Administrator Version 7.1, Dell OpenManage Server Administrator Version 7.2, Dell OpenManage Server Administrator Version 7.3, Dell OpenManage Server Administrator Version 7.4, Dell OpenManage Server Administrator Version 8.0.1, Dell OpenManage Server Administrator Version 8.0.2, Dell OpenManage Server Administrator Version 8.1, Dell OpenManage Server Administrator Version 8.2, Dell OpenManage Server Administrator Version 9.1.1, Dell OpenManage Server Administrator Version 10.0.1, Dell OpenManage Server Administrator Version 10.1.0.0, Dell OpenManage Server Administrator Version 10.2.0.0, Dell OpenManage Server Administrator Version 10.3.0.0, Dell OpenManage Server Administrator Version 9.1.2, Dell OpenManage Server Administrator Version 9.2, Dell OpenManage Server Administrator Version 9.2.1, Dell OpenManage Server Administrator Version 9.3, Dell OpenManage Server Administrator Version 9.3.1, Dell OpenManage Server Administrator Version 9.3.2, Dell OpenManage Server Administrator Version 9.4, Dell OpenManage Server Administrator Version 9.5, Product Security Information …

Edellinen julkaisupäivä

19 jouluk. 2022

Versio

1

Artikkelin tyyppi

Dell Security Advisory

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE