Lucene search

[email protected]CVE-2022-34459

HistoryFeb 01, 2023 - 5:15 a.m.

CVE-2022-34459

2023-02-0105:15:12

CWE-347

[email protected]

web.nvd.nist.gov

dell

update

alienware

cve-2022-34459

vulnerability

signature

malicious payload

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

Affected configurations

NVD

Node

dellalienware_updateRange<4.7.1

dellcommand_updateRange<4.7.1

dellupdateRange<4.7.1

CPENameOperatorVersion
dell:alienware_updatedell alienware updatelt4.7.1
dell:command_updatedell command updatelt4.7.1
dell:updatedell updatelt4.7.1

CPE	Name	Operator	Version
dell:alienware_update	dell alienware update	lt	4.7.1
dell:command_update	dell command update	lt	4.7.1
dell:update	dell update	lt	4.7.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Command Update (DCU)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "4.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-34459

prion1 nvd1 cvelist1