DSA-2023-338: Security Update for a Dell Update Package (DUP) Framework Vulnerability
摘要: Dell Update Package (DUP) Framework remediation is available for an Uncontrolled Search Path vulnerability that could be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
Medium
其他詳細資料
A (DUP) is a self-contained executable in a standard package format that updates a single software/firmware element on the system. A DUP consists of two parts: 1. A framework providing a consistent interface for applying payloads. 2. The payload is the firmware/Driver/Software. An Uncontrolled Search Path Vulnerability is applicable to Dell Update Package (DUP) Framework file versions prior to 4.9.10 used in Dell Client Platforms.
詳細資料
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39254 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39254 | Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin. | 6.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
受影響的產品與補救措施
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell Update Package (DUP) Framework | Versions prior to 4.9.10 | 4.9.10 |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell Update Package (DUP) Framework | Versions prior to 4.9.10 | 4.9.10 |
CAUTION: Dell recommends executing Dell Update Package (DUP) software packages from a protected location, one that requires administrative privileges to access, as a best practice.
CAUTION: Dell recommends customers follow security best practices for malware protection. Customers should use security software to help protect against malware (advanced threat prevention software or anti-virus).
因應措施與緩解措施
NOTE: Customers should use the latest Dell Update Package (DUP) available from Dell support when updating their systems. Customers do not need to download and rerun DUPs if the system is already running the latest BIOS, firmware, or driver content.
NOTE: To check the DUP Framework file version, right-click on the DUP file, select Properties, and click on the Details tab to find the File version number.
修訂歷史記錄
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-02-13 | Initial Release |
| 2.0 | 2024-02-21 | Updated for enhanced presentation with no changes to content |
| 3.0 | 2024-02-21 | Updated for enhanced presentation with no changes to content |
| 4.0 | 2024-02-29 | Updated for enhanced presentation with no changes to content |
感謝
Dell Technologies would like to thank Dohyun Lee for reporting this issue.
相關資訊
法律免責聲明
受影響的產品
Dell Update Packages - Current Version文章屬性
文章編號: 000217701
文章類型: Dell Security Advisory
上次修改時間: 29 2月 2024
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。