DSA-2023-390: Security Update for Dell Command | Configure and Dell Command | Monitor Vulnerabilities
Summary: Dell Command | Configure and Dell Command | Monitor remediation is available for improper access control vulnerabilities that could be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-44289 | Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2023-44290 | Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-44289 | Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| CVE-2023-44290 | Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| CVE(s) Addressed | Product | Affected Version(s) | Remediated Version(s) | Link |
|---|---|---|---|---|
| CVE-2023-44289 | Dell Command | Configure | Versions prior to 4.11.0 | 4.11.0.70, A00 | https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=5WCHH |
| CVE-2023-44290 | Dell Command | Monitor | Versions prior to 10.10.0 | 10.10.0.39, A00 | https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=94WK2 |
| CVE(s) Addressed | Product | Affected Version(s) | Remediated Version(s) | Link |
|---|---|---|---|---|
| CVE-2023-44289 | Dell Command | Configure | Versions prior to 4.11.0 | 4.11.0.70, A00 | https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=5WCHH |
| CVE-2023-44290 | Dell Command | Monitor | Versions prior to 10.10.0 | 10.10.0.39, A00 | https://www.dell.com/support/home/en-us/drivers/DriversDetails?driverId=94WK2 |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-21 | Initial Release |
| 1.1 | 2023-11-22 | Updated Proprietary Code section: Revised CVE Vulnerability Description |
Related Information
Legal Disclaimer
Affected Products
Dell Command | Configure, Dell Command | MonitorArticle Properties
Article Number: 000218628
Article Type: Dell Security Advisory
Last Modified: 22 Nov 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.