跳转至主要内容
退出

欢迎访问戴尔

我的帐户
  • 快速、轻松地下订单
  • 查看订单并跟踪您的发货状态
  • 创建并访问您的产品列表
  • 使用“Company Administration”(公司管理),管理Dell EMC站点、产品和产品级联系人。
登录 创建帐户 登录Premier 合作伙伴计划登录
联系我们

您的 Dell.com 购物车

文章编号: 000204950

DSA-2022-298: Dell Command | Update, Dell Update, and Alienware Update Security Update for Multiple Vulnerabilities

摘要: Dell Command | Update, Dell Update, and Alienware Update remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

文章内容

影响

High

详情

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34459 Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Improper Verification of Cryptographic Signature vulnerability. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34458 Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Exposure of Sensitive System Information to an unauthorized user vulnerability. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-34459 Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Improper Verification of Cryptographic Signature vulnerability. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34458 Dell Command | Update, Dell Update, and Alienware Update versions before 4.7 contain an Exposure of Sensitive System Information to an unauthorized user vulnerability. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

Product Affected Versions Updated Versions Link to Update
Dell Command | Update
 		 Versions before 4.7.1
 		 4.7.1
 		 Universal Windows Platform version for Windows 10 32-bit and 64-bit

Dell Command | Update Application for Windows 10 | Driver Details | Dell US
Dell Update /
Alienware Update		 Versions before 4.7.1
 		 4.7.1
 		 Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US
Product Affected Versions Updated Versions Link to Update
Dell Command | Update
 		 Versions before 4.7.1
 		 4.7.1
 		 Universal Windows Platform version for Windows 10 32-bit and 64-bit

Dell Command | Update Application for Windows 10 | Driver Details | Dell US
Dell Update /
Alienware Update		 Versions before 4.7.1
 		 4.7.1
 		 Universal Windows Platform version for Windows 10 32-bit and 64-bit
Dell Update/Alienware Update Application for Windows 10 | Driver Details | Dell US

确认

CVE-2022-34458: Dell would like to thank Alexander Pudwill for reporting this issue.

修订历史记录

RevisionDateDescription
1.02022-11-14Initial Release
20.2022-12-08Updated Affected Products and Remediation section: Affected Version, Updated Version, and Link to Update

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律信息

文章属性

受影响的产品

Alienware, Dell Command | Update, Dell Update, Product Security Information

上次发布日期

12 12月 2022

版本

4

文章类型

Dell Security Advisory

返回页首