CVE-2023-43079

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000218469/dsa-2023-367-dell-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:emc_openmanage_server_administrator:*:*:*:*:*:*:*:*

History

20 Oct 2023, 20:01

Type	Values Removed	Values Added
First Time		Dell emc Openmanage Server Administrator Dell
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:a:dell:emc_openmanage_server_administrator::::::::
References	~~(MISC) https://www.dell.com/support/kbdoc/en-us/000218469/dsa-2023-367-dell-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities -~~	(MISC) https://www.dell.com/support/kbdoc/en-us/000218469/dsa-2023-367-dell-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities - Vendor Advisory

13 Oct 2023, 12:47

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-13 12:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-43079

Mitre link : CVE-2023-43079

CVE.ORG link : CVE-2023-43079

JSON object : View

Products Affected

dell

emc_openmanage_server_administrator

CWE

CWE-284

Improper Access Control

{"id": "CVE-2023-43079", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2023-10-13T12:15:10.077", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000218469/dsa-2023-367-dell-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "\nDell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system.\u00a0Exploitation may lead to a complete system compromise.\n\n"}, {"lang": "es", "value": "Dell OpenManage Server Administrator, versiones 11.0.0.0 y anteriores, contiene una vulnerabilidad de Control de Acceso Inadecuado. Un usuario malicioso local con pocos privilegios podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario con el fin de elevar los privilegios en el sistema. La explotaci\u00f3n puede llevar a un compromiso completo del sistema."}], "lastModified": "2023-10-20T20:01:50.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "724DC295-5903-4E0A-B286-C3C89F8AC9E6", "versionEndExcluding": "11.0.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}