CVE-2023-43089: DSA-2023-371: Dell Rugged Control Center Security Update for an Improper Access Control Vulnerability

Dell Rugged Control Center, versions prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.

Impact

Medium

Details

Proprietary Code CVE(s): CVE-2023-43089
Description: Dell Rugged Control Center, versions prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.
CVSS Base Score: 4.4
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVE(s) Addressed: CVE-2023-43089
Product: Dell Rugged Control Center
Affected Version(s): Versions prior to 4.7
Updated Version(s): Version 4.7
Link to Update: https://www.dell.com/support/home/drivers/driversdetails?driverid=4M3T2

Workarounds and Mitigations

The Dell Rugged Control Center UI provides an SHA-256 hash of the policy file to the administrator, which can be used to cross-verify the legitimacy of the policy file after transfer.
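
The cross-check described above can be scripted on the receiving machine. The following PowerShell is an added example, not Dell's code: the function name, its parameters and the sample file are hypothetical, and it assumes the administrator has copied the SHA-256 value shown in the UI.

```powershell
# Added example: verify a transferred policy file against the SHA-256 value
# shown in the UI. Function name, parameters and sample values are hypothetical.
function Test-PolicyFileHash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,          # policy file after transfer
        [Parameter(Mandatory)] [string] $ExpectedHash   # SHA-256 copied from the UI
    )

    # Values copied by hand often carry spaces, colons, dashes or mixed case.
    $expected = ($ExpectedHash -replace '[\s:-]', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'Expected value is not a SHA-256 digest (64 hex characters).'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Policy file not found: $Path"
    }

    # Get-FileHash returns the digest as an upper-case hex string.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path     = (Resolve-Path -LiteralPath $Path).Path
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -eq $expected)
    }
}

# Constructed self-test: a temporary file stands in for the policy file.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-policy-sample.txt'
[System.IO.File]::WriteAllText($sample, 'abc')
# SHA-256 of the three bytes "abc" (standard test vector), spaced as if hand-copied.
$shown = 'ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad'

# Check the unmodified file.
Test-PolicyFileHash -Path $sample -ExpectedHash $shown | Format-List

# Check again after a one-byte change (simulated modification of the file).
[System.IO.File]::AppendAllText($sample, ' ')
Test-PolicyFileHash -Path $sample -ExpectedHash $shown | Format-List

Remove-Item -LiteralPath $sample
```

A result with `Match` set to `False` means the file on disk is not the one the UI hashed and should not be imported.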

Revision History

Revision: 1.0
Date: 2023-11-30
Description: Initial Release
