Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000203345


DSA-2022-260: Dell Hybrid Client Security Update for Multiple Vulnerabilities

Summary: Dell Hybrid Client remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34428 Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVE-2022-34429
Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 6.5

 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CVE-2022-34430
Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2022-34431
Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2022-34432
Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
 
Third-party Component CVEs More information
BlueZ CVE-2022-39176 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2022-39177
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34428 Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVE-2022-34429
Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 6.5

 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CVE-2022-34430
Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2022-34431
Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2022-34432
Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
 
Third-party Component CVEs More information
BlueZ CVE-2022-39176 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2022-39177
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Products Affected Versions Updated Versions Link to Update
Dell Hybrid Client 1.5, 1.6, 1.6.1, and 1.6.2 1.8 Dell Hybrid Client
Products Affected Versions Updated Versions Link to Update
Dell Hybrid Client 1.5, 1.6, 1.6.1, and 1.6.2 1.8 Dell Hybrid Client
Revision History

RevisionDateDescription
1.02022-09-14Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

Dell Hybrid Client

Last Published Date

14 Sep 2022

Version

1

Article Type

Dell Security Advisory