Insecure Operation Vulnerability in Dell Command | Update and Alienware Update Products
CVE-2023-23698

5.5MEDIUM

Key Information:

Vendor: Dell
Status: Dell Command Update (dcu)
Vendor: CVE Published:; 10 February 2023

Badges

📰 News Worthy

What is CVE-2023-23698?

Versions of Dell Command | Update, Dell Update, and Alienware Update prior to 4.6.0 and 4.7.1 are susceptible to an insecure operation vulnerability in their installer component. This flaw may allow a local attacker to manipulate file operations, potentially leading to unauthorized deletion of files on the system. Users of these products are advised to update to the specified versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Dell Command Update (DCU) Versions 4.6.0 and 4.7.1

News Articles

The Cyber Express

CVE-2023-23698

Dell Releases Patch For Windows Vulnerability CVE-2023-23698

Vulnerability Alert: Dell has released a patch for a Windows vulnerability, which allows malicious local users to wreak havoc by deleting arbitrary files

References

https://www.dell.com/support/kbdoc/en-us/000208038/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by The Cyber Express
Apr 2, 2024
Vulnerability published
Feb 10, 2023
Vulnerability Reserved
Jan 17, 2023

JSON