DSA-2022-297: Dell Command | Configure Security Update for Multiple Vulnerabilities

Summary: Dell Command | Configure remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Αυτό το άρθρο ισχύει για Αυτό το άρθρο δεν ισχύει για Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν. Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Δείτε άλλους πόρους

Impact

High

Details

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-34457 Dell Command | Configure versions before 4.9.0 contain an Improper Access Control vulnerability. A local low-privileged attacker may potentially exploit this vulnerability, leading to the escalation of privilege. This vulnerability is considered critical as it allows a nonadministrator to modify files inside the installed directory and make the application unavailable for all users. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
 
Third-party Component CVES More information
OpenSSL (3.0.0) CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602
CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-34457 Dell Command | Configure versions before 4.9.0 contain an Improper Access Control vulnerability. A local low-privileged attacker may potentially exploit this vulnerability, leading to the escalation of privilege. This vulnerability is considered critical as it allows a nonadministrator to modify files inside the installed directory and make the application unavailable for all users. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
 
Third-party Component CVES More information
OpenSSL (3.0.0) CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602
CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Επηρεαζόμενα προϊόντα και αποκατάσταση

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3602 Dell Command | Configure Versions before 4.9.0 4.9.0 https://www.dell.com/support/home/drivers/driversdetails?driverid=0H64D
CVE-2022-3786
CVE-2022-34457
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3602 Dell Command | Configure Versions before 4.9.0 4.9.0 https://www.dell.com/support/home/drivers/driversdetails?driverid=0H64D
CVE-2022-3786
CVE-2022-34457

Revision History

RevisionDateDescription
1.02022-11-22Initial Release

Acknowledgements

CVE-2022-34457: Dell Technologies would like to thank Pwni for reporting this issue.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Νομική αποποίηση ευθύνης

Επηρεαζόμενα προϊόντα

Dell Command | Configure, Product Security Information
Ιδιότητες άρθρου
Article Number: 000205633
Article Type: Dell Security Advisory
Τελευταία τροποποίηση: 22 Νοε 2022
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.