CVE-2024-49596

Vulnerability

Dell Wyse Management Suite (WMS) versions 4.4 and prior contain a Missing Authorization vulnerability in proprietary code [1]. The flaw allows a high-privileged attacker with remote access to perform actions that should require additional authorization, leading to denial of service and arbitrary file deletion.

Exploitation

An attacker must have high privileges (e.g., administrative access) and network access to the WMS instance. The CVSS vector indicates high attack complexity (AC:H), suggesting that successful exploitation may require specific conditions or timing. No user interaction is required [1]. The exact sequence of steps is not detailed in the available reference.

Impact

Successful exploitation results in denial of service (availability impact) and arbitrary file deletion (integrity impact). The CVSS score is 5.9 (Medium) with vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H [1]. Confidentiality is not affected.

Mitigation

Dell has released a security advisory (DSA-2024-440) addressing this vulnerability [1]. The recommended mitigation is to apply the latest security update for Dell Wyse Management Suite. The specific fixed version is not explicitly stated in the available reference; users should consult the advisory for update instructions.