Privilege Escalation Vulnerability in Dell Command Configuration Software
CVE-2022-34457

7.3HIGH

Key Information:

Vendor: Dell
Status: Dell Command Configure (dcc)
Vendor: CVE Published:; 18 January 2023

Summary

Dell Command Configuration versions prior to 4.8 are susceptible to a privilege escalation vulnerability due to improper folder permissions assigned when the software is installed in non-default paths. This flaw enables unauthorized users to alter files in the installed directory, potentially rendering the application unusable for all users and compromising system integrity.

Affected Version(s)

Dell Command Configure (DCC) 0 <= 4.8

References

https://www.dell.com/support/kbdoc/000205633

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Jun 23, 2022