Vulnerability identifier: #VU15904

Vulnerability risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-15767

CWE-ID: CWE-285

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
OpenManage Network Manager
Client/Desktop applications / Other client software

Vendor: Dell

Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists due to misconfiguration in the /etc/sudoers file. A remote attacker with ‘synergy’ account privileges can bypass authorization and run arbitrary commands with root privileges.

Mitigation
The vulnerability has been fixed in the versions 6.5.0, 6.5.3.

Vulnerable software versions

OpenManage Network Manager: All versions

---

External links
http://www.dell.com/support/article/ua/ru/uadhs1/sln314610/dell-openmanage-network-manager-security...

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.