Description

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

PUBLISHED Reserved 2024-06-03 | Published 2024-06-11 | Updated 2024-08-02 | Assigner dell




HIGH: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Problem types

CWE-427: Uncontrolled Search Path Element

Product status

Default status: unaffected

Any version before 11.0.1.1: affected

Any version before 11.0.0.2: affected

Any version before 10.3.0.1: affected

References

www.dell.com/...e-escalation-via-xsl-hijacking-vulnerability vendor-advisory

www.dell.com/...e-escalation-via-xsl-hijacking-vulnerability vendor-advisory

cve.org (CVE-2024-37130)

nvd.nist.gov (CVE-2024-37130)