Arbitrary Folder Deletion Vulnerability Affects Dell Products
CVE-2023-43078

7.3HIGH

Key Information:

Vendor: Dell
Status: Dell Client Platform, Dell Dock Firmware
Vendor: CVE Published:; 28 August 2024

Summary

A vulnerability in Dell Dock Firmware and Dell Client Platform arises from improper link resolution during the installation process. This security flaw can result in arbitrary folder deletion on the system, which poses significant risks including privilege escalation and potential denial of service. Users of affected products should apply the recommended updates to mitigate these risks and ensure the integrity of their systems. For more details, refer to the official advisory.

Affected Version(s)

Dell Client Platform, Dell Dock Firmware < 1.27.0

Dell Client Platform, Dell Dock Firmware < 1.22.0

Dell Client Platform, Dell Dock Firmware < 1.14.1

References

https://www.dell.com/support/kbdoc/en-us/000217981/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2024
Vulnerability Reserved
Sep 15, 2023