Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability

A critical security flaw in Dell Power Manager has been discovered that could allow attackers to compromise your systems and execute arbitrary code. 

SUMMARY:

• Critical Vulnerability Alert: Dell Power Manager versions before 3.17 have a high-severity access control flaw (CVE-2024-49600) allowing attackers to gain elevated privileges.

• Exploitation Risk: Attackers with local access can execute arbitrary code, bypass security measures, and compromise system confidentiality, integrity, and availability.

• Software Update: Dell has released Power Manager version 3.17 to address this vulnerability; users should update immediately as no workaround is available.

• Vulnerability Discovery: The flaw was identified and responsibly disclosed by TsungShu Chiu from CHT Security.

• Dell’s Recent Breaches: Dell faced multiple data breaches in September 2024, exposing sensitive information of employees and projects, further emphasizing the need for robust security measures.