Insecure Operation Vulnerability in Dell Command | Update and Alienware Update Products
CVE-2023-23698

5.5MEDIUM

Key Information:

Vendor

Dell
Status
Dell Command Update (dcu)
Vendor
CVE Published:
10 February 2023

Badges

đź“° News Worthy

What is CVE-2023-23698?

Versions of Dell Command | Update, Dell Update, and Alienware Update prior to 4.6.0 and 4.7.1 are susceptible to an insecure operation vulnerability in their installer component. This flaw may allow a local attacker to manipulate file operations, potentially leading to unauthorized deletion of files on the system. Users of these products are advised to update to the specified versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Dell Command Update (DCU) Versions 4.6.0 and 4.7.1

News Articles

favicon imageThe Cyber Express

Dell Releases Patch For Windows Vulnerability CVE-2023-23698

Vulnerability Alert: Dell has released a patch for a Windows vulnerability, which allows malicious local users to wreak havoc by deleting arbitrary files

References

https://www.dell.com/support/kbdoc/en-us/000208038/dsa-20...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-23698 : Insecure Operation Vulnerability in Dell Command | Update and Alienware Update Products