Lucene search

DellCVELIST:CVE-2023-43089

HistoryDec 01, 2023 - 2:06 a.m.

CVE-2023-43089

2023-12-0102:06:51

CWE-284

dell

www.cve.org

dell rugged control center

version 4.7

insufficient protection

policy folder

local user

exploit vulnerability

unauthorized access

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Rugged Control Center",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 4.7"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-43089