DSA-2022-298: Dell Command | Update, Dell Update, and Alienware Update Security Update for Multiple Vulnerabilities
摘要: Dell Command | Update, Dell Update, and Alienware Update remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
High
详情
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34459 | Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Improper Verification of Cryptographic Signature vulnerability. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34458 | Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Exposure of Sensitive System Information to an unauthorized user vulnerability. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34459 | Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Improper Verification of Cryptographic Signature vulnerability. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-34458 | Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Exposure of Sensitive System Information to an unauthorized user vulnerability. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
受影响的产品和补救措施
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Command | Update |
Versions before 4.7.1 |
4.7.1 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Command | Update Application for Windows 10 | Driver Details | Dell US |
| Dell Update / Alienware Update |
Versions before 4.7.1 |
4.7.1 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Command | Update |
Versions before 4.7.1 |
4.7.1 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Command | Update Application for Windows 10 | Driver Details | Dell US |
| Dell Update / Alienware Update |
Versions before 4.7.1 |
4.7.1 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2022-11-14 | Initial Release |
| 20. | 2022-12-08 | Updated Affected Products and Remediation section: Affected Version, Updated Version, and Link to Update |
确认
CVE-2022-34458: Dell would like to thank Alexander Pudwill for reporting this issue.
相关信息
法律免责声明
受影响的产品
Alienware, Dell Command | Update, Dell Update, Product Security Information文章属性
文章编号: 000204950
文章类型: Dell Security Advisory
上次修改时间: 12 12月 2022
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。