CVE-2023-32474 - OpenCVE

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Display Manager

Configuration 1 [-]

cpe:2.3:a:dell:display_manager:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2024-02-06T07:53:22.515Z

Updated: 2024-07-05T17:21:29.673Z

Reserved: 2023-05-09T06:07:41.365Z

Link: CVE-2023-32474

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-06T08:15:50.647

Modified: 2024-02-12T21:37:18.687

Link: CVE-2023-32474

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32474", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-05-09T06:07:41.365Z", "datePublished": "2024-02-06T07:53:22.515Z", "dateUpdated": "2024-07-05T17:21:29.673Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Dell Display Manager", "vendor": "Dell", "versions": [{"lessThanOrEqual": "2.1.1.17", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Marius Gabriel Mihai"}], "datePublic": "2023-07-07T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion</span>\n\n"}], "value": "\nDell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1386", "description": "CWE-1386: Insecure Operation on Windows Junction / Mount Point", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-06T07:53:22.515Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32474", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T14:12:45.785539Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:29.673Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:display_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFE32F01-E2FB-439E-8E2D-2A5E59FBC76B", "versionEndExcluding": "2.1.1.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion\n\n"}, {"lang": "es", "value": "La aplicaci\u00f3n Dell Display Manager, versi\u00f3n 2.1.1.17 y anteriores, contiene una operaci\u00f3n no segura en el punto de uni\u00f3n/montaje de Windows. Un usuario malintencionado local podr\u00eda explotar esta vulnerabilidad durante la instalaci\u00f3n, lo que provocar\u00eda la eliminaci\u00f3n de archivos o carpetas arbitrarias."}], "id": "CVE-2023-32474", "lastModified": "2024-02-12T21:37:18.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.2, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2024-02-06T08:15:50.647", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1386"}], "source": "security_alert@emc.com", "type": "Secondary"}]}