Local Privilege Escalation Vulnerability in Dell Repository Manager Could Lead toOS Execution
CVE-2023-22576

7.8HIGH

Key Information:

Vendor: Dell
Status: Dell Repository Manager (drm)
Vendor: CVE Published:; 21 August 2024

Summary

The local privilege escalation vulnerability in Dell Repository Manager, particularly present in version 3.4.2 and earlier, allows a low privileged attacker to exploit improper privilege management within the installation module. This exploitation could lead to the execution of arbitrary executables on the operating system with elevated privileges. Such unauthorized access may result in the potential disruption of service availability and compromise system integrity. It is crucial for users of affected versions to apply the necessary security updates to safeguard against this vulnerability.

Affected Version(s)

Dell Repository Manager (DRM) <= 3.4.2

References

https://www.dell.com/support/kbdoc/en-us/000207513/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2024
Vulnerability Reserved
Jan 2, 2023

Credit

Dell would like to thank Marius Gabriel Mihai for reporting this issue.