DSA-2023-030: Dell Command | Intel vPro Out of Band Security Update for an Arbitrary Folder Deletion Vulnerability
Summary: Dell Command | Intel vPro Out of Band remediation is available for an arbitrary folder deletion security vulnerability that may be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
Impact
Medium
Details
| Proprietary Code CVEs | Description | More Information |
CVE-2023-23697 |
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H  See NVD (http://nvd.nist.gov/) for additional details. |
| Proprietary Code CVEs | Description | More Information |
CVE-2023-23697 |
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H See NVD (http://nvd.nist.gov/) for additional details. |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2023-23697 | Dell Command | Intel vPro Out of Band | Versions before 4.4.0 | 4.4.0 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=08WTH |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2023-23697 | Dell Command | Intel vPro Out of Band | Versions before 4.4.0 | 4.4.0 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=08WTH |
Revision History
| Revision | Date | Description |
| 1.0 | 2023-02-07 | Initial Release |
Acknowledgements
CVE-2023-23697: Dell Technologies would like to thank ycdxsb for reporting this issue.