Vulnerability Details CVE-2024-37130
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.7%
CVSS Severity
CVSS v3 Score 7.3
References
- https://www.dell.com/support/kbdoc/en-us/000225914/dsa-2024-264-dell-openmanage-server-administrator-omsa-security-update-for-local-privilege-escalation-via-xsl-hijacking-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000225914/dsa-2024-264-dell-openmanage-server-administrator-omsa-security-update-for-local-privilege-escalation-via-xsl-hijacking-vulnerability
Products affected by CVE-2024-37130
-
cpe:2.3:a:dell:openmanage_server_administrator:-
-
cpe:2.3:a:dell:openmanage_server_administrator:1.00.0000
-
cpe:2.3:a:dell:openmanage_server_administrator:11.0.1.0
-
cpe:2.3:a:dell:openmanage_server_administrator:4.3.0
-
cpe:2.3:a:dell:openmanage_server_administrator:4.4.0
-
cpe:2.3:a:dell:openmanage_server_administrator:4.5.0
-
cpe:2.3:a:dell:openmanage_server_administrator:5.0.0
-
cpe:2.3:a:dell:openmanage_server_administrator:5.1.0
-
cpe:2.3:a:dell:openmanage_server_administrator:5.1.0.1
-
cpe:2.3:a:dell:openmanage_server_administrator:5.2.0
-
cpe:2.3:a:dell:openmanage_server_administrator:5.3.0
-
cpe:2.3:a:dell:openmanage_server_administrator:5.4.0
-
cpe:2.3:a:dell:openmanage_server_administrator:5.5.0
-
cpe:2.3:a:dell:openmanage_server_administrator:5.5.0.1
-
cpe:2.3:a:dell:openmanage_server_administrator:6.2.0
-
cpe:2.3:a:dell:openmanage_server_administrator:6.3.0
-
cpe:2.3:a:dell:openmanage_server_administrator:6.4.0
-
cpe:2.3:a:dell:openmanage_server_administrator:6.5.0
-
cpe:2.3:a:dell:openmanage_server_administrator:6.5.0.1
-
cpe:2.3:a:dell:openmanage_server_administrator:7.0.0
-
cpe:2.3:a:dell:openmanage_server_administrator:7.0.0.1
-
cpe:2.3:a:dell:openmanage_server_administrator:7.1.0
-
cpe:2.3:a:dell:openmanage_server_administrator:7.1.0.1
-
cpe:2.3:a:dell:openmanage_server_administrator:7.2.0
-
cpe:2.3:a:dell:openmanage_server_administrator:7.3.0
-
cpe:2.3:a:dell:openmanage_server_administrator:8.2
-
cpe:2.3:a:dell:openmanage_server_administrator:9.4.0.3
-
cpe:2.3:a:dell:openmanage_server_administrator:9.5.0.0
-
cpe:2.3:a:dell:openmanage_server_administrator:9.5.0.1