DSA-2023-074: Dell Trusted Device Agent Security Update for an Improper Installation Permissions Vulnerability
Summary: Dell Trusted Device Agent remediation is available for an improper installation permissions vulnerability that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-25542 | Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-25542 | Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-25542 | Dell Trusted Device Agent | Versions prior to 5.3.0 |
5.3.0 | https://www.dell.com/support/home/product-support/product/trusted-device/drivers |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-25542 | Dell Trusted Device Agent | Versions prior to 5.3.0 |
5.3.0 | https://www.dell.com/support/home/product-support/product/trusted-device/drivers |
Workarounds & Mitigations
Uninstall and re-install Dell Trusted Device Agent with default settings.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-04 | Initial Release |
Acknowledgements
CVE-2023-25542: Dell Technologies would like to thank Marius Gabriel Mihai for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Product Security Information, Dell Trusted DeviceArticle Properties
Article Number: 000209461
Article Type: Dell Security Advisory
Last Modified: 04 Apr 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.