Headline
CVE-2022-34459: DSA-2022-298: Dell Command | Update, Dell Update, and Alienware Update Security Update for Multiple Vulnerabilities
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
Vaikutus
High
Tiedot
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-34459
Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Improper Verification of Cryptographic Signature vulnerability. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34458
Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Exposure of Sensitive System Information to an unauthorized user vulnerability. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-34459
Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Improper Verification of Cryptographic Signature vulnerability. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34458
Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Exposure of Sensitive System Information to an unauthorized user vulnerability. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
Product
Affected Versions
Updated Versions
Link to Update
Dell Command | Update
Versions before 4.7.1
4.7.1
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Command | Update Application for Windows 10 | Driver Details | Dell US
Dell Update /
Alienware Update
Versions before 4.7.1
4.7.1
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US
Product
Affected Versions
Updated Versions
Link to Update
Dell Command | Update
Versions before 4.7.1
4.7.1
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Command | Update Application for Windows 10 | Driver Details | Dell US
Dell Update /
Alienware Update
Versions before 4.7.1
4.7.1
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US
Kiitokset
CVE-2022-34458: Dell would like to thank Alexander Pudwill for reporting this issue.
Versiohistoria
Revision
Date
Description
1.0
2022-11-14
Initial Release
2022-12-08
Updated Affected Products and Remediation section: Affected Version, Updated Version, and Link to Update
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
12 jouluk. 2022