Article Number: 000203345
High
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34428 | Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | 5.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
CVE-2022-34429 |
Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 6.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
CVE-2022-34430 |
Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
CVE-2022-34431 |
Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2022-34432 |
Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
| Third-party Component | CVEs | More information |
| BlueZ | CVE-2022-39176 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2022-39177 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34428 | Dell Hybrid Client versions below 1.8 contain a Regular Expression Denial of Service Vulnerability in UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service. | 5.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L |
CVE-2022-34429 |
Dell Hybrid Client versions below 1.8 contain a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 6.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
CVE-2022-34430 |
Dell Hybrid Client versions below 1.8 contain a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
CVE-2022-34431 |
Dell Hybrid Client versions below 1.8 contain a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
CVE-2022-34432 |
Dell Hybrid Client versions below 1.8 contain a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L |
| Third-party Component | CVEs | More information |
| BlueZ | CVE-2022-39176 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
| CVE-2022-39177 |
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Hybrid Client | 1.5, 1.6, 1.6.1, and 1.6.2 | 1.8 | Dell Hybrid Client |
| Products | Affected Versions | Updated Versions | Link to Update |
| Dell Hybrid Client | 1.5, 1.6, 1.6.1, and 1.6.2 | 1.8 | Dell Hybrid Client |
| Revision | Date | Description |
| 1.0 | 2022-09-14 | Initial Release |
Dell Hybrid Client
14 Sep 2022
Dell Security Advisory