CVE-2023-43079

7.3 HIGH

📋 TL;DR

This vulnerability in Dell OpenManage Server Administrator (OMSA) allows a local, low-privileged user to execute arbitrary code and elevate privileges because of improper access control. Successful exploitation gives the attacker full control of the host. Affects OMSA 11.0.0.0 and earlier; fixed in 11.0.0.1.

💻 Affected Systems

Products:
  • Dell OpenManage Server Administrator (OMSA)
Versions: 11.0.0.0 and prior
Operating Systems: Windows Server, Linux distributions supported by OMSA
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations of OMSA within the vulnerable version range.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative control, data theft, and persistent backdoor installation.

🟠

Likely Case

Local privilege escalation leading to unauthorized administrative access on affected servers.

🟢

If Mitigated

Limited impact if proper network segmentation and least privilege principles are enforced.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: HIGH - Any local user on affected servers can potentially gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires an existing local, low-privileged account on the server. The advisory rates attack complexity as low, but no public exploit details or PoC are available, so the specific trigger is not documented here.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to OMSA version 11.0.0.1 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000218469/dsa-2023-367-dell-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the latest OMSA release for your platform from the Dell support site.
2. Back up the current OMSA configuration.
3. Install the update following Dell's documentation for the platform.
4. Restart the system (or at minimum the OMSA services) as the installer requires.

🔧 Temporary Workarounds

Restrict Local User Access

Platform: all

Limit local user accounts on affected servers to essential personnel only.

Disable OMSA Service

Platform: linux

Temporarily stop OMSA if it is not required for operations. Note that dsm_om_connsvc is only the OMSA web server (the port 1311 interface); the other OMSA daemons (dsm_sa_datamgrd, dsm_sa_eventmgrd, dsm_sa_snmpd) keep running as root. Because this vulnerability is exploited locally, stopping the web interface alone may not remove the affected component; Dell's /opt/dell/srvadmin/sbin/srvadmin-services.sh stop takes all OMSA services down together. The commands below stop and disable the web interface only.

systemctl stop dsm_om_connsvc
systemctl disable dsm_om_connsvc

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected servers
  • Apply principle of least privilege to all local user accounts

🔍 How to Verify

Check if Vulnerable:

Check the OMSA version from the command line with omreport system version, via Windows Add/Remove Programs, or on Linux by querying the package manager for the srvadmin-* packages. Any version at or below 11.0.0.0 is affected.

Check Version:

omreport system version

Verify Fix Applied:

Verify OMSA version is 11.0.0.1 or later using same commands
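The check above, as an added example that is not Dell tooling or code from this page: it parses the output of omreport system version, extracts the Server Administrator version and compares it numerically against the first fixed build (11.0.0.1, per the advisory), so that a string comparison does not wrongly rank 9.5.0 above 11.0.0.0. The omreport output embedded below is a constructed sample; on a host where omreport is installed the script runs the real command instead.

```python
"""Check whether an installed OMSA build falls in the range fixed by
DSA-2023-367 (CVE-2023-43079): 11.0.0.0 and prior are affected, 11.0.0.1
and later are fixed.  Added example, not Dell's own tooling."""
import re
import shutil
import subprocess
from typing import Optional

FIXED_VERSION = "11.0.0.1"   # first fixed release named by the advisory

# Constructed sample of `omreport system version` output.  The real report
# lists more components; only the Name/Version pair layout matters here.
SAMPLE_REPORT = """Version Report
---------------------

Main System Chassis

Name : BIOS
Version : 2.10.2

Name : Server Administrator
Version : 11.0.0.0

Name : iDRAC9
Version : 6.10.30.00
"""


def parse_version(s: str) -> tuple:
    """Turn '11.0.0.1' into (11, 0, 0, 1) so comparison is numeric per field,
    not lexicographic ('9.5.0' must sort below '11.0.0.0')."""
    return tuple(int(p) for p in re.findall(r"\d+", s))


def omsa_version_from_report(report: str) -> Optional[str]:
    """Extract the Server Administrator version from omreport output.
    Returns None when the report has no such entry (OMSA core not installed)."""
    pairs = re.findall(r"^Name\s*:\s*(.+?)\s*$\n^Version\s*:\s*(\S+)\s*$",
                       report, flags=re.MULTILINE)
    for name, version in pairs:
        if name == "Server Administrator":
            return version
    return None


def is_vulnerable(version: str) -> bool:
    """Affected if strictly older than the first fixed build."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_omsa_version() -> Optional[str]:
    """Run omreport if it is on PATH; return None when OMSA is absent or the
    command fails, so the caller can treat 'unknown' explicitly."""
    if shutil.which("omreport") is None:
        return None
    try:
        out = subprocess.run(["omreport", "system", "version"],
                             capture_output=True, text=True, timeout=60)
    except (OSError, subprocess.SubprocessError):
        return None
    return omsa_version_from_report(out.stdout) if out.returncode == 0 else None


if __name__ == "__main__":
    v = installed_omsa_version()
    if v is None:
        print("omreport not available here; evaluating the constructed sample instead")
        v = omsa_version_from_report(SAMPLE_REPORT)
    state = f"VULNERABLE (update to {FIXED_VERSION} or later)" if is_vulnerable(v) else "fixed"
    print(f"OMSA {v}: {state}")
```

A result of None from omsa_version_from_report means the Server Administrator component was not found in the report, which should be investigated rather than read as "not vulnerable".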

📡 Detection & Monitoring

Log Indicators:

  • cmd.exe, powershell.exe or another shell spawned with an OMSA component as the parent process
  • Privileged actions (new services or scheduled tasks, local administrator group changes) by accounts that only held low-privileged local access

Network Indicators:

  • Unusual outbound connections from OMSA services

SIEM Query:

EventID=4688 AND ParentProcessName LIKE '%Dell\SysMgt%' AND (NewProcessName LIKE '%\cmd.exe' OR NewProcessName LIKE '%\powershell.exe')

The OMSA component is the parent of the suspicious process, so the filter belongs on ParentProcessName, not NewProcessName; the OR must be parenthesised or the query fires on every PowerShell launch on the host. Substitute your OMSA install path (the Windows default is under Dell\SysMgt) and escape the backslashes as your SIEM's LIKE syntax requires. Event 4688 is only produced when Audit Process Creation is enabled.
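The rule logic run over constructed sample events, as an added example that is not from the page or from Dell. It implements the corrected parent/child check and, for contrast, the page's original query with SQL's AND-before-OR precedence, which produces a false positive on an ordinary PowerShell launch. Field names follow Windows Security event 4688 (NewProcessName, ParentProcessName, SubjectUserName); the OMSA parent path uses the default Dell\SysMgt install directory, and the parent binary name omsa_component.exe is hypothetical.

```python
"""Run the corrected 4688 rule over constructed sample events and contrast it
with the original query's precedence bug.  Added example, not from the page
or Dell.  Field names follow Windows Security event 4688."""
from typing import Dict, Iterable, List

Event = Dict[str, str]

# Assumption: OMSA binaries live under the default Windows install directory.
OMSA_DIR_MARKER = "\\dell\\sysmgt\\"
# Interactive shells an OMSA component has no business spawning.
SHELL_BASENAMES = ("cmd.exe", "powershell.exe", "pwsh.exe")

# Hypothetical OMSA binary name, placed under the real default install path.
OMSA_PARENT = r"C:\Program Files\Dell\SysMgt\oma\bin\omsa_component.exe"

# Constructed sample events (not real logs).
SAMPLE_EVENTS: List[Event] = [
    {"EventID": "4688", "SubjectUserName": "lowpriv", "ParentProcessName": OMSA_PARENT,
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},                       # should fire
    {"EventID": "4688", "SubjectUserName": "SYSTEM", "ParentProcessName": OMSA_PARENT,
     "NewProcessName": r"C:\Program Files\Dell\SysMgt\oma\bin\omreport.exe"},  # normal OMSA child
    {"EventID": "4688", "SubjectUserName": "admin",
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},  # unrelated
    {"EventID": "4624", "SubjectUserName": "lowpriv",
     "ParentProcessName": "", "NewProcessName": ""},                          # not a 4688
    {"EventID": "4688", "SubjectUserName": "lowpriv", "ParentProcessName": OMSA_PARENT,
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},  # should fire
]


def basename(path: str) -> str:
    """Last path component, lower-cased, for exact executable-name matching."""
    return path.rsplit("\\", 1)[-1].lower()


def is_omsa_spawned_shell(ev: Event) -> bool:
    """Corrected rule: a process-creation event whose parent is an OMSA binary
    and whose new process is cmd or PowerShell."""
    if ev.get("EventID") != "4688":
        return False
    parent = ev.get("ParentProcessName", "").lower()
    return OMSA_DIR_MARKER in parent and basename(ev.get("NewProcessName", "")) in SHELL_BASENAMES


def original_rule_matches(ev: Event) -> bool:
    """The page's query as written, reading its dangling OR '%powershell%' as
    the predicate presumably intended.  With AND binding tighter than OR this is
    (4688 AND parent~OMSA AND new~cmd) OR (new~powershell): the right-hand branch
    ignores EventID and parent, so any PowerShell launch anywhere fires."""
    new = ev.get("NewProcessName", "").lower()
    left = (ev.get("EventID") == "4688"
            and OMSA_DIR_MARKER in ev.get("ParentProcessName", "").lower()
            and "cmd" in new)
    return left or "powershell" in new


def detect(events: Iterable[Event]) -> List[Event]:
    """Return the events the corrected rule flags."""
    return [ev for ev in events if is_omsa_spawned_shell(ev)]


if __name__ == "__main__":
    for ev in detect(SAMPLE_EVENTS):
        print(f"ALERT user={ev['SubjectUserName']} parent={ev['ParentProcessName']} "
              f"spawned={basename(ev['NewProcessName'])}")
    fp = [basename(ev["NewProcessName"]) for ev in SAMPLE_EVENTS if original_rule_matches(ev)]
    print(f"original query would have flagged: {fp}")
```

The original query also misses the OMSA-parented PowerShell launch unless it happens to contain "cmd", and fires on the unrelated explorer.exe-parented one; matching exact basenames rather than substrings avoids both problems.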
