Vulnerability identifier: #VU15905
Vulnerability risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-16
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
OpenManage Network Manager
Client/Desktop applications / Other client software
Vendor: Dell
Description
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to an insecure default configuration setting for the embedded MySQL database. A remote attacker with database access privileges can bypass security restrictions and gain read/write access to files stored on the server filesystem.
Mitigation
The vulnerability has been fixed in version 6.5.0.
Vulnerable software versions
OpenManage Network Manager: All versions
External links
http://www.dell.com/support/article/ua/ru/uadhs1/sln314610/dell-openmanage-network-manager-security...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.