Insecure Operation Vulnerability in Dell Command | Update and Alienware Update Products
CVE-2023-23698

7.1HIGH

Key Information:

Vendor
Dell
Status
Dell Command Update (DCU)
Vendor
CVE Published:
10 February 2023

Badges

πŸ“° News Worthy

Summary

Versions of Dell Command | Update, Dell Update, and Alienware Update prior to 4.6.0 and 4.7.1 are susceptible to an insecure operation vulnerability in their installer component. This flaw may allow a local attacker to manipulate file operations, potentially leading to unauthorized deletion of files on the system. Users of these products are advised to update to the specified versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Dell Command Update (DCU) Versions 4.6.0 and 4.7.1

News Articles

favicon imageThe Cyber Express

Dell Releases Patch For Windows Vulnerability CVE-2023-23698

Vulnerability Alert: Dell has released a patch for a Windows vulnerability, which allows malicious local users to wreak havoc by deleting arbitrary files

9 months ago

References

https://www.dell.com/support/kbdoc/en-us/000208038/dsa-20...
vendor-advisory

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability Reserved

.