Local Privilege Escalation Vulnerability in Dell Repository Manager Could Lead toOS Execution

CVE-2023-22576

7.8HIGH

Key Information

Vendor: Dell
Status: Dell Repository Manager (drm)
Vendor: CVE Published:; 21 August 2024

Summary

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.

Affected Version(s)

Dell Repository Manager (DRM) <= 3.4.2

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 21, 2024
Vulnerability Reserved.
Jan 2, 2023

Collectors

NVD DatabaseMitre Database

Credit

Dell would like to thank Marius Gabriel Mihai for reporting this issue.