Lucene search

DellCVELIST:CVE-2023-28049

HistoryFeb 06, 2024 - 6:43 a.m.

CVE-2023-28049

2024-02-0606:43:50

CWE-267

dell

www.cve.org

dell command monitor

arbitrary folder deletion

vulnerability

version 10.9

locally authenticated

malicious user

privileged

file delete

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Command Monitor (DCM)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "10.9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000211748/dsa-2023-125-dell-command-monitor-dcm

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2023-28049