Dell PowerConnect, OpenManage, and GoAhead contain multiple vulnerabilities. The worst of these vulnerabilities may allow a remote attacker arbitrary code execution on a vulnerable device.
PowerConnect 3348 version 220.127.116.11 and possibly other versions
PowerConnect 3524p version 18.104.22.168 and possibly other versions
PowerConnect 5324 version 22.214.171.124 and possibly other versions
Dell OpenManage Web Application version 2.5 Build No. 1.19 and possibly other versions
No Exploit Available
Remote Code Execution
Exploitation of this vulnerability is possible through the use of methods like drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.
Denial of Service
Exploitation of these vulnerabilities will render the service on the affected system unresponsive while the memory of the system is exhausted. Attackers can continue sending malicious payloads to continue the denial of service condition indefinitely.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 32833 - Dell PowerConnect Products Multiple Vulnerabilities (20140219) (Zero-day)
Restrict access to management interfaces.