DSA-2023-387: Security Update for a Dell Command | Configure Vulnerability

目录

详细文章

影响

详情

受影响的产品和补救措施

修订历史记录

相关信息

法律免责声明

受影响的产品

提供反馈

摘要: Dell Command | Configure remediation is available for an improper access control vulnerability that could be exploited by malicious users to compromise the affected system.

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

查看其他资源

影响

High

详情

Proprietary Code CVE(s)	Description	CVSS Base Score	CVSS Vector String
CVE-2023-43086	Dell Command \| Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.	7.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Proprietary Code CVE(s)	Description	CVSS Base Score	CVSS Vector String
CVE-2023-43086	Dell Command \| Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.	7.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

Product	Affected Version(s)	Remediated Version(s)	Link
Dell Command \| Configure	Versions prior to 4.11.0	4.11.0.70, A00	https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=5WCHH

Product	Affected Version(s)	Remediated Version(s)	Link
Dell Command \| Configure	Versions prior to 4.11.0	4.11.0.70, A00	https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=5WCHH

修订历史记录

Revision	Date	Description
1.0	2023-11-21	Initial Release
1.1	2023-11-22	Updated Proprietary Code section: Revised CVE Vulnerability Description

相关信息

法律免责声明

受影响的产品

Dell Command | Configure

文章编号: 000218424

文章类型: Dell Security Advisory

上次修改时间: 22 11月 2023

检查您的设备是否在支持服务涵盖的范围内。