DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities
摘要: Dell Display Manager remediation is available for arbitrary file or folder creation/deletion vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
High
详情
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H  |
CVE-2023-28046 |
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-28046 |
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
受影响的产品和补救措施
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
解决方法和缓解措施
None.
修订历史记录
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-04 | Initial Release |
确认
Acknowledgements: Dell would like to thank Marius Gabriel Mihai for reporting these issues.
相关信息
法律免责声明
受影响的产品
Dell Display Manager 2.x, Product Security Information文章属性
文章编号: 000211727
文章类型: Dell Security Advisory
上次修改时间: 04 4月 2023
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。