DSA-2023-192: Security Update for a Dell Update Package (DUP) Framework Vulnerability
Summary: Dell Update Package (DUP) Framework remediation is available for a Windows junction / mount point vulnerability that could be exploited by malicious users to compromise the affected system. ...
Acest articol se aplică pentru
Acest articol nu se aplică pentru
Acest articol nu este legat de un produs specific.
Acest articol nu acoperă toate versiunile de produs existente.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32454 | DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | 6.3 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H |
Produse afectate și măsuri de remediere
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
AFFECTED PRODUCT:
For Dell Client Platforms: Dell Update Packages (DUP) Framework file versions prior to 4.9.4.36.REMEDIATION DETAILS:
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts:- A framework providing a consistent interface for applying payloads.
- The payload that is the firmware/BIOS/Drivers/Applications
- Dell Client Platforms: Dell Update Package (DUP) Framework file version 4.9.7.21 or later
Customers should use the latest DUP available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
CAUTION: Dell recommends executing DUP software packages from a protected location, one that requires administrative privileges to access as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-12-06 | Initial Release |
Related Information
Exonerare de răspundere
Produse afectate
Dell Update Packages - Current VersionProprietăți articol
Article Number: 000216236
Article Type: Dell Security Advisory
Ultima modificare: 06 Dec 2023
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.