Headline
CVE-2023-23698: DSA-2023-031: Dell Command | Update, Dell Update, and Alienware Update Security Update for a Windows Universal Application Vulnerability
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.
Vaikutus
Medium
Tiedot
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
Product
Affected Versions
Updated Versions
Link to Update
Dell Command | Update
Versions 4.6.0 and 4.7.1
4.8.0
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Command | Update Application for Windows 10 | Driver Details | Dell US
Dell Update,
Alienware Update
Versions 4.6.0 and 4.7.1
4.8.0
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Update, Alienware Update Application for Windows 10 | Driver Details | Dell US
Product
Affected Versions
Updated Versions
Link to Update
Dell Command | Update
Versions 4.6.0 and 4.7.1
4.8.0
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Command | Update Application for Windows 10 | Driver Details | Dell US
Dell Update,
Alienware Update
Versions 4.6.0 and 4.7.1
4.8.0
Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Update, Alienware Update Application for Windows 10 | Driver Details | Dell US
Kiitokset
CVE-2023-23698: Dell Technologies would like to thank ycdxsb for reporting this issue.
Versiohistoria
Revision
Date
Description
1.0
2023-02-06
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
06 helmik. 2023