Dell Update Package (DUP) Uncontrolled Search Path Vulnerability
CVE-2023-39254

7.3HIGH

Key Information:

Vendor: Dell
Status: Dup Framework
Vendor: CVE Published:; 1 March 2024

What is CVE-2023-39254?

The vulnerability present in Dell Update Package (DUP) prior to version 4.9.10 stems from an Uncontrolled Search Path issue. This flaw could enable a malicious user, with local access to the affected system, to potentially exploit the vulnerability and execute arbitrary code with administrative privileges. This poses a significant security risk for users and organizations relying on affected versions of the software. Users are recommended to upgrade to the latest version to mitigate any risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DUP Framework < 4.9.10

References

https://www.dell.com/support/kbdoc/en-us/000217701/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Jul 26, 2023

Credit

Dohyun Lee

JSON

Dell

What is CVE-2023-39254?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.