BeyondTrust

Security in Context: The BeyondTrust Blog

Dell PowerConnect Products Multiple Vulnerabilities

Disclosed: January 17, 2014
Zeroday: 222 days

Vulnerability Description:

Dell PowerConnect, OpenManage, and GoAhead contain multiple vulnerabilities. The worst of these vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable device.

Vendors:

Dell

Vulnerable Software/Devices:

PowerConnect 3348 version 1.2.1.3 and possibly other versions
PowerConnect 3524p version 2.0.0.48 and possibly other versions
PowerConnect 5324 version 2.0.1.4 and possibly other versions
Dell OpenManage Web Application version 2.5 Build No. 1.19 and possibly other versions
Dell GoAhead

Vulnerability Severity:

High

Exploit Availability:

No Exploit Available

Exploit Impact:

Remote Code Execution
Exploitation of this vulnerability is possible through methods such as drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged-on user.

Denial of Service
Exploitation of these vulnerabilities will render the service on the affected system unresponsive while the memory of the system is exhausted. Attackers can keep sending malicious payloads to sustain the denial of service condition indefinitely.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 32833 - Dell PowerConnect Products Multiple Vulnerabilities (20140219) (Zero-day)

Mitigation:

Restrict access to management interfaces.

Links:

CVE(s):