DSA-2023-192: Security Update for a Dell Update Package (DUP) Framework Vulnerability
Oversigt: Dell Update Package (DUP) Framework remediation is available for a Windows junction / mount point vulnerability that could be exploited by malicious users to compromise the affected system. ...
Denne artikel gælder for
Denne artikel gælder ikke for
Denne artikel er ikke knyttet til et bestemt produkt.
Det er ikke alle produktversioner, der er identificeret i denne artikel.
Virkning
Medium
Oplysninger
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
Berørte produkter og udbedring
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
Revisionshistorik
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-12-06 | Initial Release |
Relaterede oplysninger
Ansvarsfraskrivelse
Berørte produkter
Dell Update Packages - Current VersionArtikelegenskaber
Artikelnummer: 000216236
Artikeltype: Dell Security Advisory
Senest ændret: 06 dec. 2023
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.