Local Privilege Escalation Vulnerability in Dell Repository Manager Could Lead to OS Execution

CVE-2023-22576

7.8 HIGH

Key Information

Vendor
Dell
Status
Dell Repository Manager (drm)
Vendor
CVE Published: 21 August 2024

Summary

Dell Repository Manager versions 3.4.2 and earlier contain a local privilege escalation vulnerability in the Installation module. A local low-privileged attacker may potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with high privileges using the existing vulnerability in the operating system. Exploitation may lead to unavailability of the service.

Affected Version(s)

Dell Repository Manager (DRM) <= 3.4.2

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

Dell would like to thank Marius Gabriel Mihai for reporting this issue.