CVE-2022-34428: DSA-2022-260: Dell Hybrid Client Security Update for Multiple Vulnerabilities

Vaikutus

High

Tiedot

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2022-34428

Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.

5.0

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVE-2022-34429

Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

6.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CVE-2022-34430

Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

7.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2022-34431

Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2022-34432

Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.

7.3

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Third-party Component

CVEs

More information

BlueZ

CVE-2022-39176

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

CVE-2022-39177

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2022-34428

Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.

5.0

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVE-2022-34429

Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

6.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CVE-2022-34430

Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

7.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2022-34431

Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2022-34432

Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.

7.3

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Third-party Component

CVEs

More information

BlueZ

CVE-2022-39176

See NVD (http://nvd.nist.gov/) for individual scores for each CVE.

CVE-2022-39177

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen

Products

Affected Versions

Updated Versions

Link to Update

Dell Hybrid Client

1.5, 1.6, 1.6.1, and 1.6.2

1.8

Dell Hybrid Client

Products

Affected Versions

Updated Versions

Link to Update

Dell Hybrid Client

1.5, 1.6, 1.6.1, and 1.6.2

1.8

Dell Hybrid Client

Versiohistoria

Revision

Date

Description

1.0

2022-09-14

Initial Release

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

14 syysk. 2022