Lucene search

DellCVELIST:CVE-2023-22576

HistoryAug 21, 2024 - 9:44 a.m.

CVE-2023-22576

2024-08-2109:44:37

CWE-269

dell

www.cve.org

dell repository manager

local privilege escalation

arbitrary executable

operating system

exploitation

service unavailability

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Repository Manager (DRM)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "3.4.2",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000207513/dsa-2023-017-dell-emc-repository-manager-drm-security-update-for-an-improper-privilege-management-vulnerability

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2023-22576