Article Number: 000218222
DSA-2024-016: Security Update for Dell Alienware Command Center Vulnerabilities
Summary: Dell Alienware Command Center remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
| Third-Party Component | CVE(s) | More information |
|---|---|---|
| InstallShield 2023 R2 | CVE-2023-29081 | InstallShield Security Advisory |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22450 |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. |
7.4 |
|
| CVE-2024-0159 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22450 |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. |
7.4 |
|
| CVE-2024-0159 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2024-0159, CVE-2023-29081 | Alienware Command Center 5.x | Software | Versions prior to 5.6.1.0 | Version 5.6.1.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit |
| CVE-2024-22450, CVE-2023-29081 | Alienware Command Center 6.x | Software | Versions prior to 6.2.7.0 | Version 6.2.7.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit Alienware Command Center 6.x | Driver Details | Dell US Alienware Command Center 6.x - Full Installer | Driver Details | Dell US |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2024-0159, CVE-2023-29081 | Alienware Command Center 5.x | Software | Versions prior to 5.6.1.0 | Version 5.6.1.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit |
| CVE-2024-22450, CVE-2023-29081 | Alienware Command Center 6.x | Software | Versions prior to 6.2.7.0 | Version 6.2.7.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit Alienware Command Center 6.x | Driver Details | Dell US Alienware Command Center 6.x - Full Installer | Driver Details | Dell US |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Acknowledgements
CVE-2024-0159: Dell Technologies would like to thank Gee-netics for reporting this issue.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-12 | Initial Release |
| 2.0 | 2024-03-20 | Updated CVE Identifier, Proprietary Code, and Affected Products and Remediation section: Final platform update |
Related Information
Legal Information
Article Properties
Affected Product
Alienware Command Center
Last Published Date
21 Mar 2024
Version
2
Article Type
Dell Security Advisory