Dell Update Package (DUP) Uncontrolled Search Path Vulnerability
CVE-2023-39254

7.3HIGH

Key Information:

Vendor: Dell
Status: Dup Framework
Vendor: CVE Published:; 1 March 2024

What is CVE-2023-39254?

The vulnerability present in Dell Update Package (DUP) prior to version 4.9.10 stems from an Uncontrolled Search Path issue. This flaw could enable a malicious user, with local access to the affected system, to potentially exploit the vulnerability and execute arbitrary code with administrative privileges. This poses a significant security risk for users and organizations relying on affected versions of the software. Users are recommended to upgrade to the latest version to mitigate any risks associated with this vulnerability.

Affected Version(s)

DUP Framework < 4.9.10

References

https://www.dell.com/support/kbdoc/en-us/000217701/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Jul 26, 2023

Credit

Dohyun Lee