DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities
Samenvatting: Dell Display Manager remediation is available for arbitrary file or folder creation/deletion vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
High
Gegevens
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H  |
CVE-2023-28046 |
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges. |
7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-28046 |
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. | 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
Getroffen producten en herstel
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE(s) Addressed |
Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|---|
| CVE-2023-28047 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
| CVE-2023-28046 | Dell Display Manager | 2.1.0 and prior | 2.1.1 | Support for Dell Display Manager 2.x | Drivers & Downloads |
Tijdelijke oplossingen en risicobeperking
None.
Revisiegeschiedenis
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-04-04 | Initial Release |
Bevestigingen
Acknowledgements: Dell would like to thank Marius Gabriel Mihai for reporting these issues.
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Dell Display Manager 2.x, Product Security InformationArtikeleigenschappen
Artikelnummer: 000211727
Artikeltype: Dell Security Advisory
Laatst aangepast: 04 apr. 2023
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.