Dell Patches “Critical” OpenManage Enterprise Flaws

Dell released new patches for its OpenManage Enterprise product. The “critical” vulnerabilities can be exploited by a malicious user to compromise an affected system.

Among the holes repaired by Dell are improper authentication (v3.6.1), which can assist hijacking and performing unauthorized actions; information disclosures (v3.5) that can cause OIDC server credential leaks; injections within RACADM and IPMI tools (versions prior to 3.6.1), for executing arbitrary OS commands; and subnet access (v3.4-3.6.1) for viewing data and elevating privileges.

Dell recommends that users consider both the CVSS base score (out of 10) and any relevant temporal or environmental scores that affect the potential severity of any given vulnerability. For these particular issues, CVSS base scores ranged from 7.7 (info disclosure) through 9.8 (improper authentication).