CVE-2024-37130

7.3 HIGH

📋 TL;DR

Dell OpenManage Server Administrator (OMSA) versions 11.0.1.0 and prior contain a local privilege escalation vulnerability via XSL hijacking. A local low-privileged user can exploit this to gain admin privileges and full system control. This affects systems running vulnerable OMSA versions.

💻 Affected Systems

Products:
  • Dell OpenManage Server Administrator (OMSA)
Versions: 11.0.1.0 and prior
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both Windows and Linux versions of OMSA. Requires local access to the system.

📦 What is this software?

Dell OpenManage Server Administrator (OMSA) is Dell's agent-based systems-management tool for PowerEdge servers. It runs as a privileged service and exposes hardware inventory, health monitoring and configuration through a local web interface and the omreport/omconfig command-line utilities, which is why a flaw in how it loads XSL files is directly useful for privilege escalation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative access, allowing data theft, persistence installation, and lateral movement.

🟠

Likely Case

Local attacker gains administrative privileges on the affected server, potentially compromising sensitive data and system integrity.

🟢

If Mitigated

Limited impact if proper access controls and monitoring are in place, though privilege escalation remains possible.

🌐 Internet-Facing: LOW (requires local access, not remotely exploitable)
🏢 Internal Only: HIGH (local attackers with low privileges can gain full control)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access with low privileges. XSL hijacking techniques are well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.0.2.0 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000225914/dsa-2024-264-dell-openmanage-server-administrator-omsa-security-update-for-local-privilege-escalation-via-xsl-hijacking-vulnerability

Restart Required: Yes

Instructions:

1. Download OMSA version 11.0.2.0 or later from the Dell support site.
2. Back up the current configuration.
3. Install the update following Dell's documentation.
4. Restart the system.

🔧 Temporary Workarounds

Restrict local user access (Platform: all)

Limit local user accounts to only trusted personnel and implement least privilege principles.

Monitor for suspicious activity (Platform: all)

Implement monitoring for privilege escalation attempts and unusual administrative actions.

🧯 If You Can't Patch

  • Remove OMSA from non-essential systems if not required
  • Implement strict access controls and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed OMSA version: on Windows use 'Add/Remove Programs', on Linux run 'rpm -qa | grep srvadmin' or 'dpkg -l | grep srvadmin'. Any version 11.0.1.0 or prior is affected.

Check Version:

Windows: Check Programs and Features. Linux: 'rpm -qa | grep srvadmin' (RHEL) or 'dpkg -l | grep srvadmin' (Debian/Ubuntu)

Verify Fix Applied:

Verify OMSA version is 11.0.2.0 or later using the same commands
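The version check above, as an added example (not part of the advisory and not Dell's own tooling): a small POSIX shell script that pulls the srvadmin version out of rpm or dpkg output and decides whether it falls in the affected range (11.0.1.0 and prior). It assumes, as the advisory's grep implies, that OMSA packages are named srvadmin-*; the sample package lines at the bottom are constructed for demonstration, not captured from a real host.

```shell
#!/bin/sh
# Added example for CVE-2024-37130 verification; not Dell's code.
# Assumes OMSA Linux packages are named srvadmin-* (constructed sample lines below).

FIXED_VERSION="11.0.2.0"

# Return 0 when VERSION is 11.0.1.0 or older (affected), 1 when it is at or
# past the fix, 2 when no version was supplied (OMSA not installed/found).
omsa_is_vulnerable() {
    version="$1"
    [ -n "$version" ] || return 2
    # sort -V orders dotted version strings numerically. If our version sorts
    # first and is not the fixed version itself, it predates the fix.
    lowest=$(printf '%s\n%s\n' "$version" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$version" ] && [ "$version" != "$FIXED_VERSION" ]
}

# Read "rpm -qa" or "dpkg -l" output on stdin and print the first four-part
# version found on a srvadmin line (empty output if no OMSA package is listed).
# rpm lines look like NAME-VERSION-RELEASE.ARCH; dpkg lines carry the version
# in the third column. Both put the 4-part version before anything else that
# could look like one, so the first match is the package version.
omsa_version_from_pkglist() {
    grep 'srvadmin' \
      | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' \
      | head -n 1
}

# On a live host: query whichever package manager is present.
omsa_installed_version() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qa | omsa_version_from_pkglist
    elif command -v dpkg >/dev/null 2>&1; then
        dpkg -l | omsa_version_from_pkglist
    fi
}

# Print a one-line verdict for a version string.
report_version() {
    if omsa_is_vulnerable "$1"; then
        echo "OMSA $1: AFFECTED by CVE-2024-37130 (upgrade to $FIXED_VERSION or later)"
    elif [ $? -eq 2 ]; then
        echo "OMSA: no srvadmin package found"
    else
        echo "OMSA $1: not affected (fixed in $FIXED_VERSION)"
    fi
}

# Constructed sample package-list lines (not real output) showing both formats.
SAMPLE_RPM='srvadmin-base-11.0.1.0-4946.el8.x86_64'
SAMPLE_DPKG='ii  srvadmin-base  11.0.2.0  amd64  Dell OpenManage Server Administrator base'

for sample in "$SAMPLE_RPM" "$SAMPLE_DPKG"; do
    report_version "$(printf '%s\n' "$sample" | omsa_version_from_pkglist)"
done

# To check the host the script runs on instead of the samples:
#   report_version "$(omsa_installed_version)"
```

The comparison relies on GNU sort's -V option rather than string comparison, so that 11.0.10.0 (if such a build existed) would correctly sort after 11.0.2.0. On Windows the same decision applies to the version shown in Programs and Features; only the version-extraction step differs.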

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Suspicious process creation by low-privileged users
  • OMSA-related service anomalies

Network Indicators:

  • None specific: exploitation is local-only, so watch host telemetry (process creation and privilege changes) rather than network traffic

SIEM Query:

(EventID=4688 AND ProcessName LIKE '%OMSA%' AND NewProcessName LIKE '%admin%') OR EventID=4672

The parentheses matter: without them AND binds tighter than OR and the 4672 clause matches on its own, so every special-privilege logon would alert regardless of the OMSA conditions.
