DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities
Summary: Dell Display Manager remediation is available for arbitrary file or folder creation/deletion vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H  |
CVE-2023-28046 |
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-28046 |
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
Affected Products & Remediation
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
Workarounds & Mitigations
None.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-04 | Initial Release |
Acknowledgements
Acknowledgements: Dell would like to thank Marius Gabriel Mihai for reporting these issues.
Related Information
Legal Disclaimer
Affected Products
Dell Display Manager 2.x, Product Security InformationArticle Properties
Article Number: 000211727
Article Type: Dell Security Advisory
Last Modified: 04 Apr 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.