CVE-2023-23698 - OpenCVE

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Alienware Update Command Update

Configuration 1 [-]

OR	cpe:2.3:a:dell:alienware_update:4.6.0:::::::*
	cpe:2.3:a:dell:alienware_update:4.7.1:::::::*
	cpe:2.3:a:dell:command_update:4.6.0:::::::*
	cpe:2.3:a:dell:command_update:4.7.1:::::::*

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000208038/dsa-2023-031	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2023-02-10T12:20:09.940Z

Updated:

Reserved: 2023-01-17T05:22:17.395Z

Link: CVE-2023-23698

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-10T13:15:11.337

Modified: 2023-11-07T04:07:52.697

Link: CVE-2023-23698

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:alienware_update:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "10E69226-6D72-4E15-89C3-B95E00BF91A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:alienware_update:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4651608F-B893-4D9F-B3CB-AD3B9DC1EEE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:command_update:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9836FDEF-5971-45AE-AD0F-AEFB657F6AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:command_update:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "350DEA8B-0DE7-4025-9124-ABA67D5CC8FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.\n\n"}], "id": "CVE-2023-23698", "lastModified": "2023-11-07T04:07:52.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-02-10T13:15:11.337", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000208038/dsa-2023-031"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1386"}], "source": "security_alert@emc.com", "type": "Secondary"}]}