CVE-2023-32477: DSA-2023-310: Security Update for Dell EMC Common Event Enabler

Impact

High

Details

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2023-32477

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2023-32477

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed

Product

Affected Versions

Remediated Versions

Link

CVE-2023-32477

Dell EMC Common Event Enabler

Windows CEE versions prior to CEE 8.9.9.0

CEE 8.9.9.0

CEE 8.9.9.0

CVEs Addressed

Product

Affected Versions

Remediated Versions

Link

CVE-2023-32477

Dell EMC Common Event Enabler

Windows CEE versions prior to CEE 8.9.9.0

CEE 8.9.9.0

CEE 8.9.9.0

Workarounds and Mitigations

CVE ID

Workaround and Mitigation

CVE-2023-32477

Install CEE for Windows in the default location (Program Files folder). Do not install CEE in a custom folder.

Acknowledgements

Dell would like to thank hamdi aka falconcorruption for reporting this issue

Revision History

Revision

Date

Description

1.0

2023-09-29

Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide