Lucene search

DellCVELIST:CVE-2023-32474

HistoryFeb 06, 2024 - 7:53 a.m.

CVE-2023-32474

2024-02-0607:53:22

CWE-1386

dell

www.cve.org

dell display manager

insecure operation

vulnerability

file deletion

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Display Manager",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "2.1.1.17",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2023-32474