DSA-2024-475: Security Update for Dell Command | Update, Dell Update, Alienware Update, and Dell SupportAssist for an Improper Link Resolution Before File Access Vulnerability
Summary: Dell Inventory Collector remediation is available for an Improper Link Resolution Before File Access Vulnerability in Inventory Collector invoked within Dell Command | Update, Dell Update, Dell Alienware Update, and Dell SupportAssist for PCs (Home and Business) that may be exploited by malicious users to compromise the affected system. ...
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-47480 | Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. | 7.8 | |
Affected Products & Remediation
| Product | Software/Firmware | Affected Versions | Remediated Versions | Release Date | Link |
|---|---|---|---|---|---|
| Dell Inventory Collector | Software | Versions prior to 12.7.0 | Versions 12.7.0 or later | 12/16/2024 | |
Dell Command | Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business) automatically update Inventory Collector without any user interaction. To verify that you are running the remediated version, follow the steps below:
- Go to C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC\
- Right-click invcol.exe, click Properties, then go to the Details tab.
- Verify that Product Version is 12.7.0 or later.
- If the version is not 12.7.0 or later:
  - For SupportAssist:
    - Use Windows Search to find and select SupportAssist.
    - Open SupportAssist.
    - Navigate to “Get Drivers and Downloads” and click “Run Now”.
  - For Dell Command | Update / Dell Update / Alienware Update:
    - Use Windows Search to find and select Dell Command | Update / Dell Update / Alienware Update.
    - Open Dell Command | Update / Dell Update / Alienware Update.
    - Click “Check”.
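The Product Version check in the steps above can be scripted so that it can be repeated on many machines. The following PowerShell is an added example, not code from Dell or from this advisory; the function name `Get-InvColStatus` and the status labels are assumptions, while the file path and the 12.7.0 threshold are taken from the steps above.

```powershell
# Added example (not Dell code). Path and 12.7.0 threshold are from the advisory;
# the function name and the Status labels are illustrative assumptions.
function Get-InvColStatus {
    param(
        [string]  $FilePath = 'C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC\invcol.exe',
        [version] $Minimum  = '12.7.0'
    )

    $result = [ordered]@{
        Computer       = $env:COMPUTERNAME
        Path           = $FilePath
        ProductVersion = $null
        Status         = 'NotInstalled'   # invcol.exe is not present at this path
    }

    if (Test-Path -LiteralPath $FilePath -PathType Leaf) {
        # Same field that the Details tab of the Properties dialog shows
        $raw = (Get-Item -LiteralPath $FilePath).VersionInfo.ProductVersion
        $result.ProductVersion = $raw

        # ProductVersion is a free-form string: keep only the leading dotted-numeric part
        if ("$raw" -match '^\s*(\d+(?:\.\d+){1,3})') {
            $v = [version]$Matches[1]
            # Missing components parse as -1; treat them as 0 so "12.7" compares like "12.7.0.0"
            $found = [version]::new($v.Major, $v.Minor,
                                    [Math]::Max($v.Build, 0), [Math]::Max($v.Revision, 0))
            $floor = [version]::new($Minimum.Major, $Minimum.Minor,
                                    [Math]::Max($Minimum.Build, 0), [Math]::Max($Minimum.Revision, 0))
            $result.Status = if ($found -ge $floor) { 'Remediated' } else { 'Affected' }
        } else {
            # Present but the version string could not be parsed; check it manually
            $result.Status = 'VersionUnreadable'
        }
    }
    [pscustomobject]$result
}

Get-InvColStatus | Format-List
```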
Workarounds & Mitigations
None
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-12-17 | Initial Release |
Acknowledgements
CVE-2024-47480: Dell Technologies would like to thank mdanilor for reporting this issue.