virus logo Intrusion Prevention

Dell.OpenManage.MySQL.Access.Control.Code.Execution

description-logoDescription

This indicates an attack attempt against an arbitrary Code Execution in Dell OpenManage Network Manager.
The vulnerability is due to insecure default configuration settings for the embedded MySQL database. It allows a remote attacker to execute arbitrary code via a crafted request.

affected-products-logoAffected Products

Dell OpenManage Network Manager version prior to 6.5.3 (CVE-2018-15767)
Dell OpenManage Network Manager version prior to 6.5.0 (all CVEs)

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version,available from the web site:
https://www.dell.com/support/article/ga/fr/gabsdt1/sln314610/dell-openmanage-network-manager-security-vulnerabilities?lang=en

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-12-28 13.515 Default_action:pass:drop
2018-11-27 13.498 Sig Added
2018-11-21 13.495

References

https://packetstormsecurity.com/files/150204/Dell-OpenManage-Network-Manager-6.2.0.51-SP3-Privilege-Escalation.html https://www.dell.com/support/article/us/en/19/sln314610
ID 47115
Created Nov 21, 2018
Updated Aug 17, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2018-15767 CVE-2018-15768
Exploit Prediction Score 4.48%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other