DSA-2023-192: Security Update for a Dell Update Package (DUP) Framework Vulnerability
Resumen: Dell Update Package (DUP) Framework remediation is available for a Windows junction / mount point vulnerability that could be exploited by malicious users to compromise the affected system. ...
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Medium
Detalles
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
Corrección y productos afectados
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
Historial de revisiones
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-12-06 | Initial Release |
Información relacionada
Descargo de responsabilidad
Productos afectados
Dell Update Packages - Current VersionPropiedades del artículo
Número del artículo: 000216236
Tipo de artículo: Dell Security Advisory
Última modificación: 06 dic 2023
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.