Vulnerabilities > CVE-2018-15767 - Incorrect Authorization vulnerability in Dell Openmanage Network Manager 6.5.0/6.5.2

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
dell
CWE-863
exploit available

Summary

The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.

Vulnerable Configurations

Part Description Count
Application
Dell
2

Common Weakness Enumeration (CWE)

Exploit-Db

fileexploits/linux/webapps/45852.py
idEDB-ID:45852
last seen2018-11-30
modified2018-11-14
platformlinux
port
published2018-11-14
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/45852
titleDell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/150204/KL-001-2018-009.txt
idPACKETSTORM:150204
last seen2018-11-07
published2018-11-06
reporterMatthew Bergin
sourcehttps://packetstormsecurity.com/files/150204/Dell-OpenManage-Network-Manager-6.2.0.51-SP3-Privilege-Escalation.html
titleDell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation

Saint

bid105912
descriptionDell OpenManage Network Manager MySQL vulnerability
titledell_openmanage_network_manager_mysql
typeremote