DSA-2022-260: Dell Hybrid Client Security Update for Multiple Vulnerabilities

Summary: Dell Hybrid Client remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.

Acest articol se aplică pentru Acest articol nu se aplică pentru Acest articol nu este legat de un produs specific. Acest articol nu acoperă toate versiunile de produs existente.
Consultați alte resurse

Impact

High

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34428 Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVE-2022-34429		 Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 6.5

 		 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CVE-2022-34430		 Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2022-34431		 Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2022-34432		 Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
 
Third-party Component CVEs More information
BlueZ CVE-2022-39176 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2022-39177
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34428 Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

CVE-2022-34429		 Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 6.5

 		 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

CVE-2022-34430		 Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVE-2022-34431		 Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2022-34432		 Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
 
Third-party Component CVEs More information
BlueZ CVE-2022-39176 See NVD (http://nvd.nist.gov/) for individual scores for each CVE.
CVE-2022-39177
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Produse afectate și măsuri de remediere

Products Affected Versions Updated Versions Link to Update
Dell Hybrid Client 1.5, 1.6, 1.6.1, and 1.6.2 1.8 Dell Hybrid Client
Products Affected Versions Updated Versions Link to Update
Dell Hybrid Client 1.5, 1.6, 1.6.1, and 1.6.2 1.8 Dell Hybrid Client

Revision History

RevisionDateDescription
1.02022-09-14Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Exonerare de răspundere

Produse afectate

Dell Hybrid Client
Proprietăți articol
Article Number: 000203345
Article Type: Dell Security Advisory
Ultima modificare: 14 sept. 2022
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.