Improper Installation Permissions in Dell Trusted Device Agent
CVE-2023-25542

7HIGH

Key Information:

Vendor: Dell
Status: dell Trusted Device Client
Vendor: CVE Published:; 6 April 2023

What is CVE-2023-25542?

The Dell Trusted Device Agent, found in versions prior to 5.3.0, has a vulnerability that improperly handles installation permissions. This flaw could allow an unauthenticated local attacker to exploit the system, potentially causing escalated privileges and unauthorized actions within the operating environment. Users are encouraged to update to the latest version to mitigate associated risks.

Affected Version(s)

Dell Trusted Device Client Versions prior to 5.3.0

References

https://www.dell.com/support/kbdoc/en-us/000209461/dsa-20...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2023
Vulnerability Reserved
Feb 7, 2023