Improper Access Control Vulnerability in Dell Repository Manager
CVE-2023-44292

6.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Repository Manager (drm)
Vendor: CVE Published:; 16 November 2023

Summary

Dell Repository Manager versions 3.4.3 and earlier are susceptible to an improper access control vulnerability within its installation module. This flaw allows a local attacker with low privileges the potential to exploit the system, which could lead to unauthorized privilege escalation. Users are advised to review and update their systems in accordance with Dell's security guidance to mitigate potential risks.

Affected Version(s)

Dell Repository Manager (DRM) Versions prior to 3.4.4

References

https://www.dell.com/support/kbdoc/en-us/000219303/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Sep 28, 2023