Lucene search

DellVULNRICHMENT:CVE-2023-22576

HistoryAug 21, 2024 - 9:44 a.m.

CVE-2023-22576

2024-08-2109:44:37

CWE-269

dell

github.com

dell repository manager

local privilege escalation

installation module

arbitrary executable

operating system vulnerability

service unavailability

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dell:repository_manager:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "repository_manager",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "3.4.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.dell.com/support/kbdoc/en-us/000207513/dsa-2023-017-dell-emc-repository-manager-drm-security-update-for-an-improper-privilege-management-vulnerability

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.5%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-22576