DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities
Summary: Dell Display Manager remediation is available for arbitrary file or folder creation/deletion vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2023-28046 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation. A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
Affected Products and Remediation
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x \| Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x \| Drivers & Downloads |
Workarounds and Mitigations
None.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-04 | Initial Release |
Acknowledgements
Acknowledgements: Dell would like to thank Marius Gabriel Mihai for reporting these issues.
Affected Products
Dell Display Manager 2.x, Product Security Information
Article Properties
Article Number: 000211727
Article Type: Dell Security Advisory
Last Modified: 04 Apr 2023