DSA-2025-034: Security update for Dell Update Package (DUP) Framework Vulnerability

詳細文章

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

提供意見反應

摘要: Dell Update Package (DUP) Framework remediation is available for a Local Privilege Escalation vulnerability that could be exploited by malicious users to compromise the affected system. ...

本文章適用於本文章不適用於本文無關於任何特定產品。本文未識別所有產品版本。

查看其他資源

影響

High

詳細資料

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-22395	Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.	8.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-22395	Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.	8.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Dell Technologies 建議所有客戶不僅要參考 CVSS 基本分數，也要將可能會影響與特定安全漏洞相關之潛在嚴重性的所有相關暫時和環境分數納入考量。

受影響的產品與補救措施

Product	Affected Versions	Remediated Versions	Link
Dell Update Package (DUP) Framework	Versions prior to 22.01.02	Version 22.01.02 or later	https://www.dell.com/support

Product	Affected Versions	Remediated Versions	Link
Dell Update Package (DUP) Framework	Versions prior to 22.01.02	Version 22.01.02 or later	https://www.dell.com/support

Note: To check the DUP Framework file version, right-click on the DUP file, select Properties, and click on the Details tab to find the File version number.

因應措施與緩解措施

CVE ID	Workaround and Mitigation
CVE-2025-22395	Recommend users not to use Extract option in Microsoft Windows OS if the File Version of update package is less than 22.01.02. If it is less than 22.01.02 we suggest using extract option via command prompt.

修訂歷史記錄

Revision	Date	Description
1.0	2025-01-06	Initial Release
2.0	2025-01-06	Formatting change for the highlighted Note. No changes to content.

感謝

Dell would like to thank Gee-netics for reporting this issue.

法律免責聲明

受影響的產品

C Series, HS Series, Modular Infrastructure, Rack Servers, Tower Servers, XE Servers, XR Servers, OEM Server Solutions, Dell Update Packages - Current Version

文章編號: 000269079

文章類型: Dell Security Advisory

上次修改時間: 06 1月 2025

檢查您的裝置是否在支援服務的涵蓋範圍內。

DSA-2025-034: Security update for Dell Update Package (DUP) Framework Vulnerability

摘要: Dell Update Package (DUP) Framework remediation is available for a Local Privilege Escalation vulnerability that could be exploited by malicious users to compromise the affected system. ...

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

DSA-2025-034: Security update for Dell Update Package (DUP) Framework Vulnerability

摘要: Dell Update Package (DUP) Framework remediation is available for a Local Privilege Escalation vulnerability that could be exploited by malicious users to compromise the affected system. ... 檢視更多內容 檢視較少內容

詳細文章

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

影響

詳細資料

受影響的產品與補救措施

因應措施與緩解措施

修訂歷史記錄

感謝

相關資訊

法律免責聲明

受影響的產品

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

文章屬性

向其他 Dell 使用者尋求您問題的答案

支援服務

摘要: Dell Update Package (DUP) Framework remediation is available for a Local Privilege Escalation vulnerability that could be exploited by malicious users to compromise the affected system. ...