Vulnerability identifier: #VU15904
Vulnerability risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
OpenManage Network Manager
Client/Desktop applications /
Other client software
Vendor: Dell
Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to misconfiguration in the /etc/sudoers file. A remote attacker with ‘synergy’ account privileges can bypass authorization and run arbitrary commands with root privileges.
Mitigation
The vulnerability has been fixed in the versions 6.5.0, 6.5.3.
Vulnerable software versions
OpenManage Network Manager: All versions
External links
http://www.dell.com/support/article/ua/ru/uadhs1/sln314610/dell-openmanage-network-manager-security...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.