Headline
CVE-2023-43086: DSA-2023-387: Security Update for a Dell Command | Configure Vulnerability
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.
Impact
High
Details
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2023-43086
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Proprietary Code CVE(s)
Description
CVSS Base Score
CVSS Vector String
CVE-2023-43086
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Product
Affected Version(s)
Remediated Version(s)
Link
Dell Command | Configure
Versions prior to 4.11.0
4.11.0.70, A00
https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=5WCHH
Product
Affected Version(s)
Remediated Version(s)
Link
Dell Command | Configure
Versions prior to 4.11.0
4.11.0.70, A00
https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=5WCHH
Revision History
Revision
Date
Description
1.0
2023-11-21
Initial Release
1.1
2023-11-22
Updated Proprietary Code section: Revised CVE Vulnerability Description
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide