DSA-2023-338: Security Update for a Dell Update Package (DUP) Framework Vulnerability
Samenvatting: Dell Update Package (DUP) Framework remediation is available for an Uncontrolled Search Path vulnerability that could be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Medium
Meer details
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts: 1. A framework providing a consistent interface for applying payloads. 2. The payload is the firmware/Driver/Software. An Uncontrolled Search Path Vulnerability is applicable to Dell Update Package (DUP) Framework file versions prior to 4.9.10 used in Dell Client Platforms.
Gegevens
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39254 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39254 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Getroffen producten en herstel
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell Update Package (DUP) Framework | Versions prior to 4.9.10 | 4.9.10 |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell Update Package (DUP) Framework | Versions prior to 4.9.10 | 4.9.10 |
CAUTION: Dell recommends executing Dell Update Package (DUP) software packages from a protected location, one that requires administrative privileges to access, as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
Tijdelijke oplossingen en risicobeperking
NOTE: Customers should use the latest Dell Update Package (DUP) available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
NOTE: To check the DUP Framework file version, right-click on the DUP file, select Properties, and click on the Details tab to find the File version number.
Revisiegeschiedenis
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-02-13 | Initial Release |
| 2.0 | 2024-02-21 | Updated for enhanced presentation with no changes to content |
| 3.0 | 2024-02-21 | Updated for enhanced presentation with no changes to content |
| 4.0 | 2024-02-29 | Updated for enhanced presentation with no changes to content |
Bevestigingen
Dell Technologies would like to thank Dohyun Lee for reporting this issue.
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Dell Update Packages - Current VersionArtikeleigenschappen
Artikelnummer: 000217701
Artikeltype: Dell Security Advisory
Laatst aangepast: 29 feb. 2024
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.