Description
Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-06-19
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell Server Hardware Manager versions prior to 3.2.2 contain an Improper Access Control flaw that allows a local user with low privileges to gain higher-level access. An attacker who can log in locally, whether physically or through an administrative session, can elevate their permissions within the hardware manager, potentially gaining control over server-level configurations or sensitive data. The underlying weakness is categorized as CWE-284, a failure to enforce access restrictions.

Affected Systems

The affected product is Dell Server Hardware Manager. All releases older than 3.2.2 are impacted, and systems running them are susceptible to the privilege-escalation flaw.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.8, rated High. EPSS data is not available, so the likelihood of exploitation cannot be directly assessed, but the lack of a KEV listing suggests no confirmed active exploitation at present. Exploitation requires local, low-privileged access, so an attacker must already be able to log into the server environment, whether by physical presence or with compromised credentials. Given the potential for significant escalation, the risk stays high for systems left on versions older than 3.2.2.

Generated by OpenCVE AI on June 19, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Server Hardware Manager to version 3.2.2 or newer to eliminate the privilege escalation flaw
  • Restrict local access to the hardware manager by limiting physical and administrative entry points to only authorized personnel
  • Enforce strong authentication controls for local logins and review account privileges to minimize the potential impact of compromised accounts


Advisories

No advisories yet.

History

Fri, 19 Jun 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Improper Access Control Allowing Local Privilege Escalation in Dell Server Hardware Manager |

Fri, 19 Jun 2026 08:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| Weaknesses | | CWE-284 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-19T07:46:27.513Z

Reserved: 2026-05-14T17:05:39.858Z

Link: CVE-2026-46461

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T09:30:16Z
