Search criteria
29 vulnerabilities found for update by dell
FKIE_CVE-2024-28962
Vulnerability from fkie_nvd - Published: 2024-08-06 04:16 - Updated: 2024-08-19 17:12
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | alienware_update | * | |
| dell | command_update | * | |
| dell | update | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB6ACC8-AE3B-4C76-9F39-B09C5ABBADAD",
"versionEndExcluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CECF121-6D9E-45F0-A41C-3097FE6DFEAF",
"versionEndExcluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A94A7D17-6BF1-4226-B41F-BBAF46F6086F",
"versionEndExcluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
},
{
"lang": "es",
"value": "Comando Dell | Update, Dell Update y Alienware Update UWP, versiones anteriores a la 5.4, contienen una vulnerabilidad de funci\u00f3n o m\u00e9todo peligroso expuesto. Un atacante no autenticado con acceso remoto podr\u00eda explotar esta vulnerabilidad y provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2024-28962",
"lastModified": "2024-08-19T17:12:57.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T04:16:45.810",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-28065
Vulnerability from fkie_nvd - Published: 2023-06-23 12:15 - Updated: 2024-11-21 07:54
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | alienware_update | * | |
| dell | command_update | * | |
| dell | update | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F463164D-6ADE-403A-A2A2-59FA7D63124C",
"versionEndExcluding": "4.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56815685-98A6-440A-888C-C7AD5A80BDCA",
"versionEndExcluding": "4.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79DCD0C0-ED30-46D7-AF60-13BD62747219",
"versionEndExcluding": "4.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.\n\n"
}
],
"id": "CVE-2023-28065",
"lastModified": "2024-11-21T07:54:19.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-23T12:15:09.340",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1386"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-28071
Vulnerability from fkie_nvd - Published: 2023-06-23 11:15 - Updated: 2024-11-21 07:54
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | alienware_update | * | |
| dell | alienware_update | 4.9.0 | |
| dell | command_update | * | |
| dell | command_update | 4.9.0 | |
| dell | update | * | |
| dell | update | 4.9.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F463164D-6ADE-403A-A2A2-59FA7D63124C",
"versionEndExcluding": "4.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:alienware_update:4.9.0:a01:*:*:*:*:*:*",
"matchCriteriaId": "98D0EE85-54B8-4BEC-BFD9-2D21659E739C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56815685-98A6-440A-888C-C7AD5A80BDCA",
"versionEndExcluding": "4.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:4.9.0:a01:*:*:*:*:*:*",
"matchCriteriaId": "140B3324-4186-487C-B37E-322C132B6F33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79DCD0C0-ED30-46D7-AF60-13BD62747219",
"versionEndExcluding": "4.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:4.9.0:a01:*:*:*:*:*:*",
"matchCriteriaId": "E298A8B7-0700-42A0-8730-1B77163CF877",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n"
}
],
"id": "CVE-2023-28071",
"lastModified": "2024-11-21T07:54:20.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-23T11:15:09.790",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1386"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-34384
Vulnerability from fkie_nvd - Published: 2023-02-11 01:23 - Updated: 2024-11-21 07:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000204114 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000204114 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | alienware_update | * | |
| dell | command_update | * | |
| dell | supportassist_for_business_pcs | * | |
| dell | supportassist_for_home_pcs | * | |
| dell | update | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA837B0-98B0-48B1-BA9A-131705A512FC",
"versionEndExcluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DC6EFB-D090-4E47-8B0B-E5E3C3F40769",
"versionEndExcluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1EC6BDC-86EE-4229-928D-BB7602A4E725",
"versionEndIncluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1454A5-072D-49AE-81B0-7153D57B3941",
"versionEndIncluding": "3.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59BF84EB-71FA-454F-8A63-49109237409E",
"versionEndExcluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.\n\n\n\n\n\n"
}
],
"id": "CVE-2022-34384",
"lastModified": "2024-11-21T07:09:24.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-11T01:23:23.793",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000204114"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-34458
Vulnerability from fkie_nvd - Published: 2023-02-01 05:15 - Updated: 2024-11-21 07:09
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | alienware_update | * | |
| dell | command_update | * | |
| dell | update | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D939723B-E534-4EF7-8173-DDDC55A94F76",
"versionEndExcluding": "4.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1780B6E7-D5F7-496E-A04B-F2BADA77AF0D",
"versionEndExcluding": "4.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4016D3F-5624-4663-8178-D26F9D7A9E9B",
"versionEndExcluding": "4.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.\n\n\n\n\n\n"
}
],
"id": "CVE-2022-34458",
"lastModified": "2024-11-21T07:09:36.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-01T05:15:12.417",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-497"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-34459
Vulnerability from fkie_nvd - Published: 2023-02-01 05:15 - Updated: 2024-11-21 07:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | alienware_update | * | |
| dell | command_update | * | |
| dell | update | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D939723B-E534-4EF7-8173-DDDC55A94F76",
"versionEndExcluding": "4.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1780B6E7-D5F7-496E-A04B-F2BADA77AF0D",
"versionEndExcluding": "4.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4016D3F-5624-4663-8178-D26F9D7A9E9B",
"versionEndExcluding": "4.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.\n\n\n\n\n\n"
}
],
"id": "CVE-2022-34459",
"lastModified": "2024-11-21T07:09:36.817",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-01T05:15:12.513",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-34382
Vulnerability from fkie_nvd - Published: 2022-09-02 18:15 - Updated: 2024-11-21 07:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000202198 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000202198 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | alienware_update | * | |
| dell | command_update | * | |
| dell | update | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC7ABF-252B-4679-B923-B3C2F396FE03",
"versionEndExcluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2456776C-8FB3-41AA-9124-0F1B377457E9",
"versionEndExcluding": "4.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05188818-03F7-4238-92E4-EA4E6D84D9CD",
"versionEndExcluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges."
},
{
"lang": "es",
"value": "Dell Command Update, Dell Update y Alienware Update versiones anteriores a 4.6.0, contienen una vulnerabilidad de escalada de privilegios local en la configuraci\u00f3n del cat\u00e1logo personalizado. Un usuario local malicioso puede explotar potencialmente esta vulnerabilidad para elevar sus privilegios"
}
],
"id": "CVE-2022-34382",
"lastModified": "2024-11-21T07:09:24.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-02T18:15:12.093",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000202198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000202198"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24426
Vulnerability from fkie_nvd - Published: 2022-04-01 20:15 - Updated: 2024-11-21 06:50
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | alienware_update | 4.4.0 | |
| dell | command_update | 4.4.0 | |
| dell | update | 4.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:alienware_update:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3720BD4C-67FF-4DC6-85F4-F682F91CF5B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:command_update:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89536D87-434A-4E7F-A922-49A9F963A455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:update:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D20FE39E-C432-460E-A951-2A24686DCFA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation."
},
{
"lang": "es",
"value": "La versi\u00f3n 4.4.0 de Dell Command | Update, Dell Update y Alienware Update contiene una vulnerabilidad de escalada de privilegios local en el componente Advanced Driver Restore. Un usuario local malintencionado podr\u00eda explotar esta vulnerabilidad, llevando a una escalada de privilegios."
}
],
"id": "CVE-2022-24426",
"lastModified": "2024-11-21T06:50:24.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T20:15:08.167",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-28962 (GCVE-0-2024-28962)
Vulnerability from cvelistv5 – Published: 2024-08-06 03:59 – Updated: 2024-08-06 13:33
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Severity ?
6.5 (Medium)
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Update (DU) |
Affected:
N/A , < 5.4
(semver)
|
Credits
Dell Technologies would like to thank Skyler Ferrante for reporting this issue.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "command_update",
"vendor": "dell",
"versions": [
{
"lessThan": "5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "update",
"vendor": "dell",
"versions": [
{
"lessThan": "5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_update",
"vendor": "dell",
"versions": [
{
"lessThan": "5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:18:26.953734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:00.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Update (DU)",
"vendor": "Dell",
"versions": [
{
"lessThan": "5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Skyler Ferrante for reporting this issue."
}
],
"datePublic": "2024-08-05T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
}
],
"value": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T03:59:10.203Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-28962",
"datePublished": "2024-08-06T03:59:10.203Z",
"dateReserved": "2024-03-13T15:42:12.960Z",
"dateUpdated": "2024-08-06T13:33:00.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28065 (GCVE-0-2023-28065)
Vulnerability from cvelistv5 – Published: 2023-06-23 11:04 – Updated: 2024-12-04 14:42
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
Severity ?
6.7 (Medium)
CWE
- CWE-1386 - Insecure Operation on Windows Junction / Mount Point
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
4.8.0 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T14:42:10.380011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T14:42:45.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Dell Update /\r\nAlienware Update",
"Dell Command | Update"
],
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "4.8.0 and prior"
}
]
}
],
"datePublic": "2023-05-09T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.\u003c/span\u003e\n\n"
}
],
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1386",
"description": "CWE-1386: Insecure Operation on Windows Junction / Mount Point",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T11:04:35.789Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28065",
"datePublished": "2023-06-23T11:04:35.789Z",
"dateReserved": "2023-03-10T05:06:06.441Z",
"dateUpdated": "2024-12-04T14:42:45.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28071 (GCVE-0-2023-28071)
Vulnerability from cvelistv5 – Published: 2023-06-23 10:37 – Updated: 2024-11-07 20:53
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
Severity ?
6.3 (Medium)
CWE
- CWE-1386 - Insecure Operation on Windows Junction / Mount Point
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
4.9.0, A01 and Prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:53:10.318356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:53:38.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Dell Command | Update",
"Dell Update /\r\nAlienware Update"
],
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "4.9.0, A01 and Prior"
}
]
}
],
"datePublic": "2023-06-13T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\u003c/span\u003e\n\n"
}
],
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1386",
"description": "CWE-1386: Insecure Operation on Windows Junction / Mount Point",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:37:19.968Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28071",
"datePublished": "2023-06-23T10:37:19.968Z",
"dateReserved": "2023-03-10T05:07:55.140Z",
"dateUpdated": "2024-11-07T20:53:38.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34384 (GCVE-0-2022-34384)
Vulnerability from cvelistv5 – Published: 2023-02-10 20:03 – Updated: 2025-03-26 15:44
VLAI?
Summary
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | SupportAssist Client Consumer |
Affected:
0 , ≤ 3.11.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000204114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T14:37:50.380678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T15:44:05.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SupportAssist Client Consumer",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "3.11.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T20:03:33.740Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/000204114"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34384",
"datePublished": "2023-02-10T20:03:33.740Z",
"dateReserved": "2022-06-23T18:55:17.090Z",
"dateUpdated": "2025-03-26T15:44:05.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34458 (GCVE-0-2022-34458)
Vulnerability from cvelistv5 – Published: 2023-02-01 04:34 – Updated: 2025-03-27 14:07
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.
Severity ?
6.6 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
0 , < 4.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:07:27.217357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:07:38.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T04:34:57.753Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34458",
"datePublished": "2023-02-01T04:34:57.753Z",
"dateReserved": "2022-06-23T18:55:17.136Z",
"dateUpdated": "2025-03-27T14:07:38.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34459 (GCVE-0-2022-34459)
Vulnerability from cvelistv5 – Published: 2023-02-01 04:28 – Updated: 2025-03-27 14:08
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
Severity ?
7.8 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
0 , < 4.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:08:49.299370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:08:56.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T04:28:20.334Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34459",
"datePublished": "2023-02-01T04:28:20.334Z",
"dateReserved": "2022-06-23T18:55:17.136Z",
"dateUpdated": "2025-03-27T14:08:56.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34382 (GCVE-0-2022-34382)
Vulnerability from cvelistv5 – Published: 2022-09-02 17:30 – Updated: 2024-09-16 23:56
VLAI?
Summary
Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.
Severity ?
7.8 (High)
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
unspecified , < 4.6.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000202198"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-02T17:30:20",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000202198"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-08-08",
"ID": "CVE-2022-34382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Command Update (DCU)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.6.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000202198",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000202198"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34382",
"datePublished": "2022-09-02T17:30:20.181600Z",
"dateReserved": "2022-06-23T00:00:00",
"dateUpdated": "2024-09-16T23:56:53.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24426 (GCVE-0-2022-24426)
Vulnerability from cvelistv5 – Published: 2022-04-01 20:00 – Updated: 2024-09-16 20:31
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
4.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "4.4.0"
}
]
}
],
"datePublic": "2022-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T19:25:08",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-03-25",
"ID": "CVE-2022-24426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Command Update (DCU)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.4.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-24426",
"datePublished": "2022-04-01T20:00:36.542114Z",
"dateReserved": "2022-02-04T00:00:00",
"dateUpdated": "2024-09-16T20:31:18.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28962 (GCVE-0-2024-28962)
Vulnerability from nvd – Published: 2024-08-06 03:59 – Updated: 2024-08-06 13:33
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
Severity ?
6.5 (Medium)
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Update (DU) |
Affected:
N/A , < 5.4
(semver)
|
Credits
Dell Technologies would like to thank Skyler Ferrante for reporting this issue.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "command_update",
"vendor": "dell",
"versions": [
{
"lessThan": "5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "update",
"vendor": "dell",
"versions": [
{
"lessThan": "5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_update",
"vendor": "dell",
"versions": [
{
"lessThan": "5.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:18:26.953734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:00.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Update (DU)",
"vendor": "Dell",
"versions": [
{
"lessThan": "5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Skyler Ferrante for reporting this issue."
}
],
"datePublic": "2024-08-05T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
}
],
"value": "Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T03:59:10.203Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227236/dsa-2024-169"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-28962",
"datePublished": "2024-08-06T03:59:10.203Z",
"dateReserved": "2024-03-13T15:42:12.960Z",
"dateUpdated": "2024-08-06T13:33:00.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28065 (GCVE-0-2023-28065)
Vulnerability from nvd – Published: 2023-06-23 11:04 – Updated: 2024-12-04 14:42
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
Severity ?
6.7 (Medium)
CWE
- CWE-1386 - Insecure Operation on Windows Junction / Mount Point
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
4.8.0 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T14:42:10.380011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T14:42:45.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Dell Update /\r\nAlienware Update",
"Dell Command | Update"
],
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "4.8.0 and prior"
}
]
}
],
"datePublic": "2023-05-09T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.\u003c/span\u003e\n\n"
}
],
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1386",
"description": "CWE-1386: Insecure Operation on Windows Junction / Mount Point",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T11:04:35.789Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28065",
"datePublished": "2023-06-23T11:04:35.789Z",
"dateReserved": "2023-03-10T05:06:06.441Z",
"dateUpdated": "2024-12-04T14:42:45.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28071 (GCVE-0-2023-28071)
Vulnerability from nvd – Published: 2023-06-23 10:37 – Updated: 2024-11-07 20:53
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
Severity ?
6.3 (Medium)
CWE
- CWE-1386 - Insecure Operation on Windows Junction / Mount Point
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
4.9.0, A01 and Prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:53:10.318356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:53:38.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Dell Command | Update",
"Dell Update /\r\nAlienware Update"
],
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "4.9.0, A01 and Prior"
}
]
}
],
"datePublic": "2023-06-13T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\u003c/span\u003e\n\n"
}
],
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1386",
"description": "CWE-1386: Insecure Operation on Windows Junction / Mount Point",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:37:19.968Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28071",
"datePublished": "2023-06-23T10:37:19.968Z",
"dateReserved": "2023-03-10T05:07:55.140Z",
"dateUpdated": "2024-11-07T20:53:38.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34384 (GCVE-0-2022-34384)
Vulnerability from nvd – Published: 2023-02-10 20:03 – Updated: 2025-03-26 15:44
VLAI?
Summary
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.
Severity ?
7.8 (High)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | SupportAssist Client Consumer |
Affected:
0 , ≤ 3.11.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000204114"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T14:37:50.380678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T15:44:05.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SupportAssist Client Consumer",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "3.11.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T20:03:33.740Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/000204114"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34384",
"datePublished": "2023-02-10T20:03:33.740Z",
"dateReserved": "2022-06-23T18:55:17.090Z",
"dateUpdated": "2025-03-26T15:44:05.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34458 (GCVE-0-2022-34458)
Vulnerability from nvd – Published: 2023-02-01 04:34 – Updated: 2025-03-27 14:07
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.
Severity ?
6.6 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
0 , < 4.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:07:27.217357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:07:38.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T04:34:57.753Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34458",
"datePublished": "2023-02-01T04:34:57.753Z",
"dateReserved": "2022-06-23T18:55:17.136Z",
"dateUpdated": "2025-03-27T14:07:38.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34459 (GCVE-0-2022-34459)
Vulnerability from nvd – Published: 2023-02-01 04:28 – Updated: 2025-03-27 14:08
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
Severity ?
7.8 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
0 , < 4.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:08:49.299370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:08:56.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T04:28:20.334Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34459",
"datePublished": "2023-02-01T04:28:20.334Z",
"dateReserved": "2022-06-23T18:55:17.136Z",
"dateUpdated": "2025-03-27T14:08:56.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34382 (GCVE-0-2022-34382)
Vulnerability from nvd – Published: 2022-09-02 17:30 – Updated: 2024-09-16 23:56
VLAI?
Summary
Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.
Severity ?
7.8 (High)
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
unspecified , < 4.6.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000202198"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-02T17:30:20",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000202198"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-08-08",
"ID": "CVE-2022-34382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Command Update (DCU)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.6.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000202198",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000202198"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34382",
"datePublished": "2022-09-02T17:30:20.181600Z",
"dateReserved": "2022-06-23T00:00:00",
"dateUpdated": "2024-09-16T23:56:53.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24426 (GCVE-0-2022-24426)
Vulnerability from nvd – Published: 2022-04-01 20:00 – Updated: 2024-09-16 20:31
VLAI?
Summary
Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell Command Update (DCU) |
Affected:
4.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell Command Update (DCU)",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "4.4.0"
}
]
}
],
"datePublic": "2022-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T19:25:08",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-03-25",
"ID": "CVE-2022-24426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Command Update (DCU)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.4.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-24426",
"datePublished": "2022-04-01T20:00:36.542114Z",
"dateReserved": "2022-02-04T00:00:00",
"dateUpdated": "2024-09-16T20:31:18.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202209-0080
Vulnerability from variot - Updated: 2023-12-18 13:55Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-0080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "command update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6.0"
},
{
"model": "alienware update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6.0"
},
{
"model": "update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.6.0"
},
{
"model": "update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell command update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"db": "NVD",
"id": "CVE-2022-34382"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34382"
}
]
},
"cve": "CVE-2022-34382",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34382",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-34382",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34382",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-121",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"db": "NVD",
"id": "CVE-2022-34382"
},
{
"db": "NVD",
"id": "CVE-2022-34382"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34382"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"db": "VULHUB",
"id": "VHN-426698"
},
{
"db": "VULMON",
"id": "CVE-2022-34382"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34382",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016351",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202209-121",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-426698",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34382",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426698"
},
{
"db": "VULMON",
"id": "CVE-2022-34382"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"db": "NVD",
"id": "CVE-2022-34382"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
]
},
"id": "VAR-202209-0080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426698"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:55:19.706000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell Command Update and Dell Update and Alienware Update Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=206949"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426698"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"db": "NVD",
"id": "CVE-2022-34382"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.dell.com/support/kbdoc/000202198"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34382"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34382/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426698"
},
{
"db": "VULMON",
"id": "CVE-2022-34382"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"db": "NVD",
"id": "CVE-2022-34382"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426698"
},
{
"db": "VULMON",
"id": "CVE-2022-34382"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"db": "NVD",
"id": "CVE-2022-34382"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-426698"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34382"
},
{
"date": "2023-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"date": "2022-09-02T18:15:12.093000",
"db": "NVD",
"id": "CVE-2022-34382"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-426698"
},
{
"date": "2022-09-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34382"
},
{
"date": "2023-10-03T08:09:00",
"db": "JVNDB",
"id": "JVNDB-2022-016351"
},
{
"date": "2023-08-08T14:22:24.967000",
"db": "NVD",
"id": "CVE-2022-34382"
},
{
"date": "2022-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities in multiple Dell products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016351"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-121"
}
],
"trust": 0.6
}
}
VAR-202302-0812
Vulnerability from variot - Updated: 2023-12-18 13:54Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. plural Dell The product contains a vulnerability in permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0812",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.0"
},
{
"model": "update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.0"
},
{
"model": "alienware update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.0"
},
{
"model": "command update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.0"
},
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.11.2"
},
{
"model": "update",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "alienware 4.5"
},
{
"model": "alienware update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "update",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "dell comm 4.5"
},
{
"model": "update",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "4.5"
},
{
"model": "dell command update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.11.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"cve": "CVE-2022-34384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-014045",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-34384",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34384",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-014045",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-768",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. plural Dell The product contains a vulnerability in permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "VULMON",
"id": "CVE-2022-34384"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34384",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426700",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34384",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
]
},
"id": "VAR-202302-0812",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426700"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:54:58.620000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-190",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000204114/dsa-2022-190-dell-supportassist-for-home-and-business-pcs-security-update-for-multiple-proprietary-code-vulnerabilities"
},
{
"title": "Dell SupportAssist Client Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226224"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34384 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "Improper authority management (CWE-269) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34384"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34384/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426700"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"date": "2023-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"date": "2023-02-11T01:23:23.793000",
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"date": "2023-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-426700"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"date": "2023-09-14T01:24:00",
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"date": "2023-11-07T03:48:34.883000",
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dell\u00a0 Product permission management vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
],
"trust": 0.6
}
}
VAR-202302-0067
Vulnerability from variot - Updated: 2023-12-18 12:41Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0067",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alienware update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.7.1"
},
{
"model": "update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.7.1"
},
{
"model": "command update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.7.1"
},
{
"model": "alienware update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell command update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"db": "NVD",
"id": "CVE-2022-34458"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34458"
}
]
},
"cve": "CVE-2022-34458",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34458",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-34458",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34458",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-011",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"db": "NVD",
"id": "CVE-2022-34458"
},
{
"db": "NVD",
"id": "CVE-2022-34458"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34458"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"db": "VULHUB",
"id": "VHN-426774"
},
{
"db": "VULMON",
"id": "CVE-2022-34458"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34458",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012303",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-011",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426774",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34458",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426774"
},
{
"db": "VULMON",
"id": "CVE-2022-34458"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"db": "NVD",
"id": "CVE-2022-34458"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
]
},
"id": "VAR-202302-0067",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426774"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:41:23.433000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-298",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
},
{
"title": "Multiple Dell product Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=224365"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34458 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34458"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"db": "NVD",
"id": "CVE-2022-34458"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34458"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34458/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426774"
},
{
"db": "VULMON",
"id": "CVE-2022-34458"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"db": "NVD",
"id": "CVE-2022-34458"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426774"
},
{
"db": "VULMON",
"id": "CVE-2022-34458"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"db": "NVD",
"id": "CVE-2022-34458"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-426774"
},
{
"date": "2023-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34458"
},
{
"date": "2023-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"date": "2023-02-01T05:15:12.417000",
"db": "NVD",
"id": "CVE-2022-34458"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-426774"
},
{
"date": "2023-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34458"
},
{
"date": "2023-08-29T03:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-012303"
},
{
"date": "2023-11-07T03:48:42.910000",
"db": "NVD",
"id": "CVE-2022-34458"
},
{
"date": "2023-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dell\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012303"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-011"
}
],
"trust": 0.6
}
}
VAR-202204-1134
Vulnerability from variot - Updated: 2023-12-18 12:15Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "update",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "4.4.0"
},
{
"model": "command update",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "4.4.0"
},
{
"model": "alienware update",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "4.4.0"
},
{
"model": "alienware update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell command update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"db": "NVD",
"id": "CVE-2022-24426"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:update:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:command_update:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:alienware_update:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24426"
}
]
},
"cve": "CVE-2022-24426",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2022-24426",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-414173",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24426",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-24426",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-24426",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-1824",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414173",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414173"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"db": "NVD",
"id": "CVE-2022-24426"
},
{
"db": "NVD",
"id": "CVE-2022-24426"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24426"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"db": "VULHUB",
"id": "VHN-414173"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24426",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007542",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1824",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414173",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414173"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"db": "NVD",
"id": "CVE-2022-24426"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
]
},
"id": "VAR-202204-1134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414173"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:15:43.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple Dell Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193683"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414173"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"db": "NVD",
"id": "CVE-2022-24426"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dell.com/support/kbdoc/en-us/000197723/dsa-2022-074"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24426"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24426/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414173"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"db": "NVD",
"id": "CVE-2022-24426"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414173"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"db": "NVD",
"id": "CVE-2022-24426"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-414173"
},
{
"date": "2023-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"date": "2022-04-01T20:15:08.167000",
"db": "NVD",
"id": "CVE-2022-24426"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "VULHUB",
"id": "VHN-414173"
},
{
"date": "2023-07-18T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-007542"
},
{
"date": "2022-05-23T16:24:37.480000",
"db": "NVD",
"id": "CVE-2022-24426"
},
{
"date": "2022-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Uncontrolled Search Path Element Vulnerability in Multiple Dell Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007542"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1824"
}
],
"trust": 0.6
}
}
VAR-202302-0149
Vulnerability from variot - Updated: 2023-12-18 11:55Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alienware update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.7.1"
},
{
"model": "update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.7.1"
},
{
"model": "command update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.7.1"
},
{
"model": "alienware update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell command update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"db": "NVD",
"id": "CVE-2022-34459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.7.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34459"
}
]
},
"cve": "CVE-2022-34459",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-012306",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-34459",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34459",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-012306",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-010",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"db": "NVD",
"id": "CVE-2022-34459"
},
{
"db": "NVD",
"id": "CVE-2022-34459"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"db": "VULHUB",
"id": "VHN-426775"
},
{
"db": "VULMON",
"id": "CVE-2022-34459"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34459",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012306",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-010",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426775",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34459",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426775"
},
{
"db": "VULMON",
"id": "CVE-2022-34459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"db": "NVD",
"id": "CVE-2022-34459"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
]
},
"id": "VAR-202302-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426775"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:55:02.314000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-298",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
},
{
"title": "Multiple Dell product Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=224364"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34459 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.1
},
{
"problemtype": "Improper verification of digital signatures (CWE-347) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426775"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"db": "NVD",
"id": "CVE-2022-34459"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34459"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34459/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426775"
},
{
"db": "VULMON",
"id": "CVE-2022-34459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"db": "NVD",
"id": "CVE-2022-34459"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426775"
},
{
"db": "VULMON",
"id": "CVE-2022-34459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"db": "NVD",
"id": "CVE-2022-34459"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-426775"
},
{
"date": "2023-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34459"
},
{
"date": "2023-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"date": "2023-02-01T05:15:12.513000",
"db": "NVD",
"id": "CVE-2022-34459"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-426775"
},
{
"date": "2023-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34459"
},
{
"date": "2023-08-29T03:37:00",
"db": "JVNDB",
"id": "JVNDB-2022-012306"
},
{
"date": "2023-11-07T03:48:42.983000",
"db": "NVD",
"id": "CVE-2022-34459"
},
{
"date": "2023-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dell\u00a0 Digital Signature Verification Vulnerability in Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012306"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-010"
}
],
"trust": 0.6
}
}