Insecure Operation Vulnerability in Dell Command | Update and Alienware Update
CVE-2023-28065

6.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Command Update (dcu)
Vendor: CVE Published:; 23 June 2023

What is CVE-2023-28065?

The vulnerability affects Dell Command | Update, Dell Update, and Alienware Update prior to version 4.8.0. It stems from an insecure operation on Windows junctions and mount points, allowing local malicious users to potentially escalate privileges. This security flaw could be exploited to gain user-level access or higher, resulting in unauthorized actions on the system.

Affected Version(s)

Dell Command Update (DCU) 4.8.0 and prior

References

https://www.dell.com/support/kbdoc/en-us/000212574/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Mar 10, 2023