DSA-2024-016: Security Update for Dell Alienware Command Center Vulnerabilities
Zhrnutie: Dell Alienware Command Center remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Dosah
High
Podrobnosti
| Third-Party Component | CVE(s) | More information |
|---|---|---|
| InstallShield 2023 R2 | CVE-2023-29081 | InstallShield Security Advisory |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22450 |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. |
7.4 |
|
| CVE-2024-0159 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-22450 |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. |
7.4 |
|
| CVE-2024-0159 | Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Dotknuté produkty a riešenie problému
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2024-0159, CVE-2023-29081 | Alienware Command Center 5.x | Software | Versions prior to 5.6.1.0 | Version 5.6.1.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit |
| CVE-2024-22450, CVE-2023-29081 | Alienware Command Center 6.x | Software | Versions prior to 6.2.7.0 | Version 6.2.7.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit Alienware Command Center 6.x | Driver Details | Dell US Alienware Command Center 6.x - Full Installer | Driver Details | Dell US |
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2024-0159, CVE-2023-29081 | Alienware Command Center 5.x | Software | Versions prior to 5.6.1.0 | Version 5.6.1.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit |
| CVE-2024-22450, CVE-2023-29081 | Alienware Command Center 6.x | Software | Versions prior to 6.2.7.0 | Version 6.2.7.0 | Alienware Command Center for Windows 11 and Windows 10 64-bit Alienware Command Center 6.x | Driver Details | Dell US Alienware Command Center 6.x - Full Installer | Driver Details | Dell US |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
História revízií
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-12 | Initial Release |
| 2.0 | 2024-03-20 | Updated CVE Identifier, Proprietary Code, and Affected Products and Remediation section: Final platform update |
Potvrdenia
CVE-2024-0159: Dell Technologies would like to thank Gee-netics for reporting this issue.
Súvisiace informácie
Legal Disclaimer
Dotknuté produkty
Alienware Command CenterVlastnosti článku
Číslo článku: 000218222
Typ článku: Dell Security Advisory
Dátum poslednej úpravy: 18 nov 2024
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.