DSA-2022-201: Dell Command | Integration Suite for System Center Security Update for Arbitrary File Write Vulnerability
Summary: Dell Command | Integration Suite for System Center contains remediation for arbitrary file write vulnerability that may be exploited by locally authenticated malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34373 | Dell Command | Integration Suite for System Center versions before 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability in order to perform an arbitrary write as system. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34373 | Dell Command | Integration Suite for System Center versions before 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability in order to perform an arbitrary write as system. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| Product | Affected Versions | Updated Version | Link to Update | |
| Dell Command | Integration Suite for System Center | Versions before 6.2.0 | 6.2.0 | https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=HY40M | |
| Product | Affected Versions | Updated Version | Link to Update | |
| Dell Command | Integration Suite for System Center | Versions before 6.2.0 | 6.2.0 | https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=HY40M | |
Revision History
| Revision | Date | Description |
| 1.0 | 2022-07-26 | Initial Release |
Acknowledgements
Dell would like to thank Johannes Hatting for reporting this issue.