DSA-2024-016: Security Update for Dell Alienware Command Center Vulnerabilities
Summary: Dell Alienware Command Center remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Third-Party Component | CVE(s) | More information |
|---|---|---|
| InstallShield 2023 R2 | CVE-2023-29081 | InstallShield Security Advisory |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22450 |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. |
7.4 |
|
| CVE-2024-0159 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22450 |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. |
7.4 |
|
| CVE-2024-0159 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2024-0159, CVE-2023-29081 | Alienware Command Center 5.x | Software | Versions prior to 5.6.1.0 | Version 5.6.1.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit |
| CVE-2024-22450, CVE-2023-29081 | Alienware Command Center 6.x | Software | Versions prior to 6.2.7.0 | Version 6.2.7.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit Alienware Command Center 6.x | Driver Details | Dell US Alienware Command Center 6.x - Full Installer | Driver Details | Dell US |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2024-0159, CVE-2023-29081 | Alienware Command Center 5.x | Software | Versions prior to 5.6.1.0 | Version 5.6.1.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit |
| CVE-2024-22450, CVE-2023-29081 | Alienware Command Center 6.x | Software | Versions prior to 6.2.7.0 | Version 6.2.7.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit Alienware Command Center 6.x | Driver Details | Dell US Alienware Command Center 6.x - Full Installer | Driver Details | Dell US |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-12 | Initial Release |
| 2.0 | 2024-03-20 | Updated CVE Identifier, Proprietary Code, and Affected Products and Remediation section: Final platform update |
Acknowledgements
CVE-2024-0159: Dell Technologies would like to thank Gee-netics for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Alienware Command CenterArticle Properties
Article Number: 000218222
Article Type: Dell Security Advisory
Last Modified: 18 Nov 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.