DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities

Summary: Dell Display Manager remediation is available for arbitrary file or folder creation/deletion vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

Acest articol se aplică pentru Acest articol nu se aplică pentru Acest articol nu este legat de un produs specific. Acest articol nu acoperă toate versiunile de produs existente.
Consultați alte resurse

Impact

High

Details

Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2023-28047
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.		 7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2023-28046		 Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2023-28047
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.		 7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2023-28046		 Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Produse afectate și măsuri de remediere

CVE(s) Addressed
 		 Product Affected Version(s) Updated Version(s) Link to Update
CVE-2023-28047 Dell Display Manager 2.1.0 and prior 2.1.1 Support for Dell Display Manager 2.x | Drivers & Downloads
CVE-2023-28046 Dell Display Manager 2.1.0 and prior 2.1.1 Support for Dell Display Manager 2.x | Drivers & Downloads
CVE(s) Addressed
 		 Product Affected Version(s) Updated Version(s) Link to Update
CVE-2023-28047 Dell Display Manager 2.1.0 and prior 2.1.1 Support for Dell Display Manager 2.x | Drivers & Downloads
CVE-2023-28046 Dell Display Manager 2.1.0 and prior 2.1.1 Support for Dell Display Manager 2.x | Drivers & Downloads

Soluții alternative și strategii de atenuare

None.

Revision History

RevisionDateDescription
1.02023-04-04Initial Release

Acknowledgements

Acknowledgements: Dell would like to thank Marius Gabriel Mihai for reporting these issues.
 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Exonerare de răspundere

Produse afectate

Dell Display Manager 2.x, Product Security Information
Proprietăți articol
Article Number: 000211727
Article Type: Dell Security Advisory
Ultima modificare: 04 apr. 2023
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.