Article Number: 000217701
Medium
A Dell Update Package (DUP) is a self-contained executable in a standard package format that updates a single software or firmware element on the system. A DUP consists of two parts:
1. A framework that provides a consistent interface for applying payloads.
2. The payload, which is the firmware, driver, or software.

An Uncontrolled Search Path vulnerability affects Dell Update Package (DUP) Framework file versions prior to 4.9.10 used in Dell Client Platforms.
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2023-39254 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
---|---|---|---|
Dell Update Package (DUP) Framework | Versions prior to 4.9.10 | 4.9.10 |
Dell Technologies would like to thank Dohyun Lee for reporting this issue.
Revision | Date | Description |
---|---|---|
1.0 | 2024-02-13 | Initial Release |
2.0 | 2024-02-21 | Updated for enhanced presentation with no changes to content |
3.0 | 2024-02-21 | Updated for enhanced presentation with no changes to content |
4.0 | 2024-02-29 | Updated for enhanced presentation with no changes to content |
Dell Update Packages - Current Version
29 Feb 2024
4
Dell Security Advisory