Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-15767 CVE-2018-15768 |
CWE-ID | CWE-285 CWE-16 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
Vulnerable software Subscribe |
OpenManage Network Manager Client/Desktop applications / Other client software |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU15904
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-15767
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to misconfiguration in the /etc/sudoers file. A remote attacker with ‘synergy’ account privileges can bypass authorization and run arbitrary commands with root privileges.
The vulnerability has been fixed in the versions 6.5.0, 6.5.3.
Vulnerable software versionsOpenManage Network Manager: before 6.5.3
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU15905
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-15768
CWE-ID:
CWE-16 - Configuration
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to insecure default configuration setting for the embedded MySQL database. A remote attacker with database access privileges can to bypass security restrictions and gain read/write access to files stored on the server filesystem.
The vulnerability has been fixed in the version 6.5.0.
Vulnerable software versionsOpenManage Network Manager: before 6.5.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.