Le damos la bienvenida
Le damos la bienvenida a Dell
Mi cuenta
- Realice pedidos rápida y fácilmente.
- Vea los pedidos y haga el seguimiento del estado del envío.
- Cree una lista de sus productos y acceda a ella
- Gestione sus sitios, productos y contactos a nivel de producto de Dell EMC con la administración de empresa.
Número de artículo: 000211727
DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities
Resumen: Dell Display Manager remediation is available for arbitrary file or folder creation/deletion vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
Contenido del artículo
Impacto
High
Detalles
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H  |
CVE-2023-28046 |
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-28046 |
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
Productos afectados y corrección
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
Soluciones alternativas y mitigaciones
None.
Agradecimientos
Acknowledgements: Dell would like to thank Marius Gabriel Mihai for reporting these issues.
Historial de revisiones
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-04 | Initial Release |
Información relacionada
Información legal
Propiedades del artículo
Producto afectado
Dell Display Manager 2.x, Product Security Information
Fecha de la última publicación
04 abr 2023
Tipo de artículo
Dell Security Advisory