DSA-2022-260: Dell Hybrid Client Security Update for Multiple Vulnerabilities
Samenvatting: Dell Hybrid Client remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
High
Gegevens
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34428 | Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | 5.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
CVE-2022-34429 |
Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 6.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
CVE-2022-34430 |
Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
CVE-2022-34431 |
Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2022-34432 |
Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
| Third-party Component | CVEs | More information |
| BlueZ | CVE-2022-39176 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2022-39177 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34428 | Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | 5.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
CVE-2022-34429 |
Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 6.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
CVE-2022-34430 |
Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
CVE-2022-34431 |
Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2022-34432 |
Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
| Third-party Component | CVEs | More information |
| BlueZ | CVE-2022-39176 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2022-39177 |
Getroffen producten en herstel
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Hybrid Client | 1.5, 1.6, 1.6.1, and 1.6.2 | 1.8 | Dell Hybrid Client |
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Hybrid Client | 1.5, 1.6, 1.6.1, and 1.6.2 | 1.8 | Dell Hybrid Client |
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2022-09-14 | Initial Release |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Dell Hybrid ClientArtikeleigenschappen
Artikelnummer: 000203345
Artikeltype: Dell Security Advisory
Laatst aangepast: 14 sep. 2022
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.