DSA-2024-016: Security Update for Dell Alienware Command Center Vulnerabilities
Summary: Dell Alienware Command Center remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Αυτό το άρθρο ισχύει για
Αυτό το άρθρο δεν ισχύει για
Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν.
Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Impact
High
Details
| Third-Party Component | CVE(s) | More information |
|---|---|---|
| InstallShield 2023 R2 | CVE-2023-29081 | InstallShield Security Advisory |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22450 |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. |
7.4 |
|
| CVE-2024-0159 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22450 |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. |
7.4 |
|
| CVE-2024-0159 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Επηρεαζόμενα προϊόντα και αποκατάσταση
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2024-0159, CVE-2023-29081 | Alienware Command Center 5.x | Software | Versions prior to 5.6.1.0 | Version 5.6.1.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit |
| CVE-2024-22450, CVE-2023-29081 | Alienware Command Center 6.x | Software | Versions prior to 6.2.7.0 | Version 6.2.7.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit Alienware Command Center 6.x | Driver Details | Dell US Alienware Command Center 6.x - Full Installer | Driver Details | Dell US |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2024-0159, CVE-2023-29081 | Alienware Command Center 5.x | Software | Versions prior to 5.6.1.0 | Version 5.6.1.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit |
| CVE-2024-22450, CVE-2023-29081 | Alienware Command Center 6.x | Software | Versions prior to 6.2.7.0 | Version 6.2.7.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit Alienware Command Center 6.x | Driver Details | Dell US Alienware Command Center 6.x - Full Installer | Driver Details | Dell US |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-12 | Initial Release |
| 2.0 | 2024-03-20 | Updated CVE Identifier, Proprietary Code, and Affected Products and Remediation section: Final platform update |
Acknowledgements
CVE-2024-0159: Dell Technologies would like to thank Gee-netics for reporting this issue.
Related Information
Νομική αποποίηση ευθύνης
Επηρεαζόμενα προϊόντα
Alienware Command CenterΙδιότητες άρθρου
Article Number: 000218222
Article Type: Dell Security Advisory
Τελευταία τροποποίηση: 18 Νοε 2024
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.