Headline
CVE-2023-43079: DSA-2023-367: Dell OpenManage Server Administrator (OMSA) Security Update for Multiple Vulnerabilities.
Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.
Article Number: 000218469
Summary: Dell OpenManage Server Administrator (OMSA) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2023-43079
Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system.Exploitation may lead to a complete system compromise.
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2023-43079
Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system.Exploitation may lead to a complete system compromise.
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
CVEs Addressed
Product
Affected Versions
Remediated Versions
Link
CVE-2023-43079
Dell Open Manage Server Administrator Managed Node for Windows
11.0.0.0 and prior
11.0.0.0,A01
Dell OpenManage Server Administrator Managed Node for Windows, v11.0.0.0
CVE-2023-43079
Dell Systems Management Tools and Documentation DVD ISO
11.0.0.0 and prior
11.0.0.0,A01
Dell Systems Management Tools and Documentation DVD ISO, v11.0.0.0
CVE-2023-43079
Dell Systems Management Tools and Documentation DVD ISO For Windows
11.0.0.0 and prior
11.0.0.0,A01
Dell Systems Management Tools and Documentation DVD ISO For Windows, v11.0.0.0
CVE-2023-43079
Dell Open Manage Server Administrator Managed Node for Windows
11.0.1.0 and prior
11.0.1.0,A01
Dell OpenManage Server Administrator Managed Node for Windows, v11.0.1.0
CVE-2023-43079
Dell Systems Management Tools and Documentation DVD ISO
11.0.1.0 and prior
11.0.1.0,A01
Dell Systems Management Tools and Documentation DVD ISO, v11.0.1.0
CVE-2023-43079
Dell Systems Management Tools and Documentation DVD ISO For Windows
11.0.1.0 and prior
11.0.1.0,A01
Dell Systems Management Tools and Documentation DVD ISO For Windows, v11.0.1.0
CVEs Addressed
Product
Affected Versions
Remediated Versions
Link
CVE-2023-43079
Dell Open Manage Server Administrator Managed Node for Windows
11.0.0.0 and prior
11.0.0.0,A01
Dell OpenManage Server Administrator Managed Node for Windows, v11.0.0.0
CVE-2023-43079
Dell Systems Management Tools and Documentation DVD ISO
11.0.0.0 and prior
11.0.0.0,A01
Dell Systems Management Tools and Documentation DVD ISO, v11.0.0.0
CVE-2023-43079
Dell Systems Management Tools and Documentation DVD ISO For Windows
11.0.0.0 and prior
11.0.0.0,A01
Dell Systems Management Tools and Documentation DVD ISO For Windows, v11.0.0.0
CVE-2023-43079
Dell Open Manage Server Administrator Managed Node for Windows
11.0.1.0 and prior
11.0.1.0,A01
Dell OpenManage Server Administrator Managed Node for Windows, v11.0.1.0
CVE-2023-43079
Dell Systems Management Tools and Documentation DVD ISO
11.0.1.0 and prior
11.0.1.0,A01
Dell Systems Management Tools and Documentation DVD ISO, v11.0.1.0
CVE-2023-43079
Dell Systems Management Tools and Documentation DVD ISO For Windows
11.0.1.0 and prior
11.0.1.0,A01
Dell Systems Management Tools and Documentation DVD ISO For Windows, v11.0.1.0
Workarounds and Mitigations
None
Acknowledgements
Dell Technologies would like to thank Gee-netics for reporting this issue.
Revision History
Revision
Date
Description
1.0
2023-03-10
Initial Release
2.0
2023-13-10
Corrected URL in the CVSS Vector String and removed extra whitespace in the CVE description.
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Article Properties
Affected Product
OpenManage Server Administrator, Dell OpenManage Server Administrator Version 8.4, Dell OpenManage Server Administrator Version 8.5, Dell OpenManage Server Administrator Version 9.0.1, Dell OpenManage Server Administrator Version 9.0.2 , Dell OpenManage Server Administrator Version 9.1, Dell OpenManage Server Administrator Version 8.3, Dell OpenManage Server Administrator Managed Node for Dell Fluid Cache for DAS, Dell OpenManage Server Administrator Version 2.3, Dell OpenManage Server Administrator Version 5.0, Dell OpenManage Server Administrator Version 5.1, Dell OpenManage Server Administrator Version 5.2, Dell OpenManage Server Administrator Version 5.3, Dell OpenManage Server Administrator Version 5.4, Dell OpenManage Server Administrator Version 5.5, Dell OpenManage Server Administrator Version 6.0.1, Dell OpenManage Server Administrator Version 6.0.3, Dell OpenManage Server Administrator Version 6.1, Dell OpenManage Server Administrator Version 6.1.1, Dell OpenManage Server Administrator Version 6.2, Dell OpenManage Server Administrator Version 6.3, Dell OpenManage Server Administrator Version 6.4, Dell OpenManage Server Administrator Version 6.5, Dell OpenManage Server Administrator Version 6.5 A02, Dell OpenManage Server Administrator Version 7.0, Dell OpenManage Server Administrator Version 7.1, Dell OpenManage Server Administrator Version 7.2, Dell OpenManage Server Administrator Version 7.3, Dell OpenManage Server Administrator Version 7.4, Dell OpenManage Server Administrator Version 8.0.1, Dell OpenManage Server Administrator Version 8.0.2, Dell OpenManage Server Administrator Version 8.1, Dell OpenManage Server Administrator Version 8.2, Dell OpenManage Server Administrator Version 9.1.1, Dell OpenManage Server Administrator Version 10.0.1, Dell OpenManage Server Administrator Version 10.1.0.0, Dell OpenManage Server Administrator Version 10.2.0.0, Dell OpenManage Server Administrator Version 9.1.2, Dell OpenManage Server Administrator Version 9.2, Dell OpenManage Server Administrator Version 9.2.1, Dell OpenManage Server Administrator Version 9.3, Dell OpenManage Server Administrator Version 9.3.1, Dell OpenManage Server Administrator Version 9.3.2, Dell OpenManage Server Administrator Version 9.4, Dell OpenManage Server Administrator Version 9.5 …
Last Published Date
13 Oct 2023
Version
3
Article Type
Dell Security Advisory