DSA-2022-254: Dell System Update (DSU) Security Update for a Self-Signed Certificate Vulnerability
摘要: Dell System Update (DSU) remediation is available for a self-signed certificate vulnerability that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Medium
詳細資料
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34404 | Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34404 | Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
受影響的產品與補救措施
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34404 | DSU |
Versions prior to 2.0.1.0 |
2.0.1.0 or later | https://www.dell.com/support/product-details/product/system-update/drivers |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34404 | DSU |
Versions prior to 2.0.1.0 |
2.0.1.0 or later | https://www.dell.com/support/product-details/product/system-update/drivers |
因應措施與緩解措施
None.
修訂歷史記錄
| Revision | Date | Description |
| 1.0 | 2022-09-26 | Initial Release |
相關資訊
法律免責聲明
受影響的產品
Dell System Update v1.3, Dell System update v1.3.1, Dell System Update v1.1, Dell System Update v1.2, Product Security Information, Dell System update v1.4.0文章屬性
文章編號: 000203733
文章類型: Dell Security Advisory
上次修改時間: 17 2月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。