Lucene search

[email protected]CVE-2023-32474

HistoryFeb 06, 2024 - 8:15 a.m.

CVE-2023-32474

2024-02-0608:15:50

CWE-59

CWE-1386

[email protected]

web.nvd.nist.gov

dell

display manager

cve-2023-32474

vulnerability

insecure operation

windows junction

mount point

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

Affected configurations

NVD

Node

delldisplay_managerRange<2.1.1.21

CPENameOperatorVersion
dell:display_managerdell display managerlt2.1.1.21

CPE	Name	Operator	Version
dell:display_manager	dell display manager	lt	2.1.1.21

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Display Manager",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "2.1.1.17",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-32474

nvd1 prion1 cvelist1