DSA-2023-338: Security Update for a Dell Update Package (DUP) Framework Vulnerability
Сводка: Dell Update Package (DUP) Framework remediation is available for an Uncontrolled Search Path vulnerability that could be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Medium
Дополнительные сведения
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts: 1. A framework providing a consistent interface for applying payloads. 2. The payload is the firmware/Driver/Software. An Uncontrolled Search Path Vulnerability is applicable to Dell Update Package (DUP) Framework file versions prior to 4.9.10 used in Dell Client Platforms.
Подробные сведения
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39254 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39254 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Затронутые продукты и исправление
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell Update Package (DUP) Framework | Versions prior to 4.9.10 | 4.9.10 |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell Update Package (DUP) Framework | Versions prior to 4.9.10 | 4.9.10 |
CAUTION: Dell recommends executing Dell Update Package (DUP) software packages from a protected location, one that requires administrative privileges to access, as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
Временные решения и снижение риска
NOTE: Customers should use the latest Dell Update Package (DUP) available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
NOTE: To check the DUP Framework file version, right-click on the DUP file, select Properties, and click on the Details tab to find the File version number.
История изменений
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-02-13 | Initial Release |
| 2.0 | 2024-02-21 | Updated for enhanced presentation with no changes to content |
| 3.0 | 2024-02-21 | Updated for enhanced presentation with no changes to content |
| 4.0 | 2024-02-29 | Updated for enhanced presentation with no changes to content |
Сведения об авторе и авторских правах
Dell Technologies would like to thank Dohyun Lee for reporting this issue.
Связанная информация
Правовая оговорка
Затронутые продукты
Dell Update Packages - Current VersionСвойства статьи
Номер статьи: 000217701
Тип статьи: Dell Security Advisory
Последнее изменение: 29 Feb 2024
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.