DSA-2023-192: Security Update for a Dell Update Package (DUP) Framework Vulnerability
Summary: Dell Update Package (DUP) Framework remediation is available for a Windows junction / mount point vulnerability that could be exploited by malicious users to compromise the affected system. ...
Αυτό το άρθρο ισχύει για
Αυτό το άρθρο δεν ισχύει για
Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν.
Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
Επηρεαζόμενα προϊόντα και αποκατάσταση
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-12-06 | Initial Release |
Related Information
Νομική αποποίηση ευθύνης
Επηρεαζόμενα προϊόντα
Dell Update Packages - Current VersionΙδιότητες άρθρου
Article Number: 000216236
Article Type: Dell Security Advisory
Τελευταία τροποποίηση: 06 Δεκ 2023
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.