Headline
CVE-2023-28070: DSA-2023-135: Alienware Command Center Security Update for a Local Privilege Escalation Vulnerability
Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.
Vaikutus
Medium
Tiedot
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2023-28070
Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.
6.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
See NVD (http://nvd.nist.gov/) for additional details.
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2023-28070
Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.
6.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
See NVD (http://nvd.nist.gov/) for additional details.
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
Product
Affected Version(s)
Updated Version(s)
Link to Update
Alienware Command Center
Version 5.5.43.0 and prior.
5.5.46.0
Alienware Command Center for Windows 11 and Windows 10 64-bit
Alienware Command Center Application
Product
Affected Version(s)
Updated Version(s)
Link to Update
Alienware Command Center
Version 5.5.43.0 and prior.
5.5.46.0
Alienware Command Center for Windows 11 and Windows 10 64-bit
Alienware Command Center Application
Keinoja ongelman kiertämiseen tai lieventämiseen
None.
Kiitokset
CVE-2023-28070: Dell Technologies would like to thank Marius Gabriel Mihai for reporting this issue.
Versiohistoria
Revision
Date
Description
1.0
2023-04-24
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
24 huhtik. 2023