DSA-2024-475: Security Update for Dell Command| Update, Dell Update, Alienware Update, and Dell SupportAssist for an Improper Link Resolution Before File Access Vulnerability
Summary: Dell Inventory Collector remediation is available for an Improper Link Resolution Before File Access Vulnerability in Inventory Collector invoked within Dell Command| Update, Dell Update, Dell Alienware Update, and Dell SupportAssist for PCs (Home and Business) that may be exploited by malicious users to compromise the affected system. ...
Impact
High
Details
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-47480 |
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. |
7.8 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-47480 |
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. |
7.8 |
Produse afectate și măsuri de remediere
| Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Release Date |
Link |
| Dell Inventory Collector |
Software |
Versions prior to 12.7.0 |
Versions 12.7.0 or later |
12/16/2024 |
| Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Release Date |
Link |
| Dell Inventory Collector |
Software |
Versions prior to 12.7.0 |
Versions 12.7.0 or later |
12/16/2024 |
Dell Command| Update, Dell Update, Alienware Update, and Dell SupportAssist for PCs (Home and Business) automatically updates Inventory Collector without any user interaction. To verify if you are running the remediated version, follow below steps:
- Goto C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC\
- Right Click on invcol.exe, click on Properties, then go to Details tab.
- Verify Product Version is 12.7.0 or later.
- If version is not 12.7.0 or later,
- For SupportAssist,
- Windows Search and select SupportAssist
- Open SupportAssist
- Navigate to “Get Drivers and Downloads” and click on “Run Now”.
- For Dell Command| Update/ Dell Update/ Alienware Update,
- Windows Search and select Dell Command| Update/ Dell Update/ Alienware Update
- Open Dell Command| Update/ Dell Update/ Alienware Update
- Click on “Check”.
- For SupportAssist,
Soluții alternative și strategii de atenuare
None
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2024-12-17 |
Initial Release |
Acknowledgements
CVE-2024-47480: Dell Technologies would like to thank mdanilor for reporting this issue.