DSA-2023-146: Dell Command | Update, Dell Update, and Alienware Update Security Update for a Privilege Escalation Vulnerability
Summary: Dell Command | Update, Dell Update, and Alienware Update remediation is available for a Privilege Escalation Vulnerability that could be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-28065 | Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H  |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-28065 | Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell Command | Update |
4.8.0 and prior |
4.9.0 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Command | Update Application for Windows 10 | Driver Details | Dell US Windows 32 and 64-bit versions for Microsoft Windows 10 Dell Command | Update Application | Driver Details | Dell US |
| Dell Update / Alienware Update |
4.8.0 and prior |
4.9.0 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell Command | Update |
4.8.0 and prior |
4.9.0 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Command | Update Application for Windows 10 | Driver Details | Dell US Windows 32 and 64-bit versions for Microsoft Windows 10 Dell Command | Update Application | Driver Details | Dell US |
| Dell Update / Alienware Update |
4.8.0 and prior |
4.9.0 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US |
Workarounds & Mitigations
None.
Revision History
| Revision | Date | Description |
| 1.0 | 2023-05-09 | Initial Release |
Acknowledgements
CVE-2023-28065: Dell Technologies would like to thank Marius Gabriel Mihai for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Alienware Update, Dell Command | Update, Dell Update, Product Security InformationArticle Properties
Article Number: 000212574
Article Type: Dell Security Advisory
Last Modified: 09 May 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.