DSA-2023-031: Dell Command | Update, Dell Update, and Alienware Update Security Update for a Windows Universal Application Vulnerability
Summary: Dell Command | Update, Dell Update, and Alienware Update remediation is available for a Windows Universal Application vulnerability that may be exploited by malicious users to compromise the affected systems. ...
Impact
Medium
Details
| Proprietary Code CVEs | Description | More Information |
| CVE-2023-23698 | Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H  See NVD (http://nvd.nist.gov/) for additional details. |
| Proprietary Code CVEs | Description | More Information |
| CVE-2023-23698 | Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H See NVD (http://nvd.nist.gov/) for additional details. |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Command | Update |
Versions 4.6.0 and 4.7.1 |
4.8.0 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Command | Update Application for Windows 10 | Driver Details | Dell US |
| Dell Update, Alienware Update |
Versions 4.6.0 and 4.7.1 | 4.8.0 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Update, Alienware Update Application for Windows 10 | Driver Details | Dell US |
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Command | Update |
Versions 4.6.0 and 4.7.1 |
4.8.0 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Command | Update Application for Windows 10 | Driver Details | Dell US |
| Dell Update, Alienware Update |
Versions 4.6.0 and 4.7.1 | 4.8.0 |
Universal Windows Platform version for Windows 10 32-bit and 64-bit Dell Update, Alienware Update Application for Windows 10 | Driver Details | Dell US |
Revision History
| Revision | Date | Description |
| 1.0 | 2023-02-06 | Initial Release |
Acknowledgements
CVE-2023-23698: Dell Technologies would like to thank ycdxsb for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Dell Command | Update, Product Security InformationArticle Properties
Article Number: 000208038
Article Type: Dell Security Advisory
Last Modified: 06 Feb 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.
Article Properties
Article Number: 000208038
Article Type: Dell Security Advisory
Last Modified: 06 Feb 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.