Improper Access Control Vulnerability in Dell Common Event Enabler
CVE-2023-32477

7.8HIGH

Key Information:

Vendor: Dell
Status: Common Event Enabler
Vendor: CVE Published:; 29 September 2023

Summary

The Dell Common Event Enabler, specifically version 8.9.8.2 for Windows and earlier releases, suffers from an improper access control vulnerability. A low-privileged local user could exploit this flaw to elevate their privileges, potentially compromising system integrity and allowing unauthorized access to sensitive functions and information. This vulnerability underscores the importance of maintaining strict access control measures and ensuring timely updates to safeguard against potential exploits.

Affected Version(s)

Common Event Enabler Windows CEE versions prior to CEE 8.9.9.0

References

https://www.dell.com/support/kbdoc/en-us/000218120/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2023
Vulnerability Reserved
May 9, 2023

Credit

Dell would like to thank hamdi aka falconcorruption for reporting this issue