DSA-2022-297: Dell Command | Configure Security Update for Multiple Vulnerabilities

Summary: Dell Command | Configure remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Bu makale şunlar için geçerlidir: Bu makale şunlar için geçerli değildir: Bu makale, belirli bir ürüne bağlı değildir. Bu makalede tüm ürün sürümleri tanımlanmamıştır.
Diğer kaynaklara göz atın

Impact

High

Details

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-34457 Dell Command | Configure versions before 4.9.0 contain an Improper Access Control vulnerability. A local low-privileged attacker may potentially exploit this vulnerability, leading to the escalation of privilege. This vulnerability is considered critical as it allows a nonadministrator to modify files inside the installed directory and make the application unavailable for all users. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
 
Third-party Component CVES More information
OpenSSL (3.0.0) CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602
CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2022-34457 Dell Command | Configure versions before 4.9.0 contain an Improper Access Control vulnerability. A local low-privileged attacker may potentially exploit this vulnerability, leading to the escalation of privilege. This vulnerability is considered critical as it allows a nonadministrator to modify files inside the installed directory and make the application unavailable for all users. 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
 
Third-party Component CVES More information
OpenSSL (3.0.0) CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602
CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Etkilenen Ürünler ve Düzeltme

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3602 Dell Command | Configure Versions before 4.9.0 4.9.0 https://www.dell.com/support/home/drivers/driversdetails?driverid=0H64D
CVE-2022-3786
CVE-2022-34457
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-3602 Dell Command | Configure Versions before 4.9.0 4.9.0 https://www.dell.com/support/home/drivers/driversdetails?driverid=0H64D
CVE-2022-3786
CVE-2022-34457

Revision History

RevisionDateDescription
1.02022-11-22Initial Release

Acknowledgements

CVE-2022-34457: Dell Technologies would like to thank Pwni for reporting this issue.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Yasal Uyarı

Etkilenen Ürünler

Dell Command | Configure, Product Security Information
Makale Özellikleri
Article Number: 000205633
Article Type: Dell Security Advisory
Son Değiştirme: 22 Kas 2022
Sorularınıza diğer Dell kullanıcılarından yanıtlar bulun
Destek Hizmetleri
Aygıtınızın Destek Hizmetleri kapsamında olup olmadığını kontrol edin.