Headline
CVE-2023-28065: DSA-2023-146: Dell Command | Update, Dell Update, and Alienware Update Security Update for a Privilege Escalation Vulnerability
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
Vaikutus
Medium
Tiedot
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2023-28065
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
6.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2023-28065
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
6.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
Product
Affected Version(s)
Updated Version(s)
Link to Update
Dell Command | Update
4.8.0 and prior
4.9.0
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Command | Update Application for Windows 10 | Driver Details | Dell US
Windows 32 and 64-bit versions for Microsoft Windows 10
Dell Command | Update Application | Driver Details | Dell US
Dell Update /
Alienware Update
4.8.0 and prior
4.9.0
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US
Product
Affected Version(s)
Updated Version(s)
Link to Update
Dell Command | Update
4.8.0 and prior
4.9.0
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Command | Update Application for Windows 10 | Driver Details | Dell US
Windows 32 and 64-bit versions for Microsoft Windows 10
Dell Command | Update Application | Driver Details | Dell US
Dell Update /
Alienware Update
4.8.0 and prior
4.9.0
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US
Keinoja ongelman kiertämiseen tai lieventämiseen
None.
Kiitokset
CVE-2023-28065: Dell Technologies would like to thank Marius Gabriel Mihai for reporting this issue.
Versiohistoria
Revision
Date
Description
1.0
2023-05-09
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Alienware Update, Dell Command | Update, Dell Update, Product Security Information
09 toukok. 2023