DSA-2023-192: Security Update for a Dell Update Package (DUP) Framework Vulnerability
Podsumowanie: Dell Update Package (DUP) Framework remediation is available for a Windows junction / mount point vulnerability that could be exploited by malicious users to compromise the affected system. ...
Ten artykuł dotyczy
Ten artykuł nie dotyczy
Ten artykuł nie jest powiązany z żadnym konkretnym produktem.
Nie wszystkie wersje produktu zostały zidentyfikowane w tym artykule.
Skutki
Medium
Szczegóły
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
Produkty, których dotyczy problem, i środki zaradcze
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
Historia zmian
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-12-06 | Initial Release |
Powiązane informacje
Zastrzeżenie prawne
Produkty, których dotyczy problem
Dell Update Packages - Current VersionWłaściwości artykułu
Numer artykułu: 000216236
Typ artykułu: Dell Security Advisory
Ostatnia modyfikacja: 06 gru 2023
Znajdź odpowiedzi na swoje pytania u innych użytkowników produktów Dell
Usługi pomocy technicznej
Sprawdź, czy Twoje urządzenie jest objęte usługą pomocy technicznej.