Description
Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code remotely. This is a high severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell OpenManage Integration with Microsoft Windows Admin Center includes a remote code execution flaw in its gateway plugin. The vulnerability allows a remote authenticated user to execute arbitrary commands, effectively elevating privileges on the host system. The weakness is a classic command injection, aligned with CWE‑77.

Affected Systems

The vulnerable component is the Dell OpenManage Integration for Windows Admin Center. No specific product versions are listed in the advisory; all installations of the integration that contain the gateway plugin are potentially affected.

Risk and Exploitability

The CVSS score of 8.8 signifies a high severity issue. The EPSS score is below 1 %, indicating a low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires an authenticated session to the Windows Admin Center gateway plugin; the attacker would need legitimate credentials for the target system. Once authenticated, the attacker can trigger command execution remotely and gain elevated privileges on the host.

Generated by OpenCVE AI on June 17, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell security update referenced in the official Dell KB (2024‑084) to patch the OpenManage gateway plugin.
  • If an update cannot be applied immediately, disable or remove the OpenManage gateway plugin from the Windows Admin Center installation to block the exploitation path.
  • Restrict credentials to the minimum required users, and enforce least‑privilege access policies on the Windows Admin Center and OpenManage services, while monitoring for anomalous activity.

Generated by OpenCVE AI on June 17, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell openmanage
Vendors & Products Dell
Dell openmanage

Tue, 16 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code remotely. This is a high severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Openmanage
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-17T11:07:52.593Z

Reserved: 2024-02-01T13:40:59.759Z

Link: CVE-2024-24909

cve-icon Vulnrichment

Updated: 2026-06-17T11:07:49.198Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T17:16:28.303

Modified: 2026-06-16T17:34:39.967

Link: CVE-2024-24909

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T17:30:16Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')