CVE-2022-34457

Dell command configuration, version 4.8 and prior, contains improper folder permissions when installed not to the default path but to a non-secured path, which leads to privilege escalation. This is a critical severity vulnerability, as it allows a non-admin user to modify the files inside the installed directory and to make the application unavailable for all users.
References
Link Resource
https://www.dell.com/support/kbdoc/000205633 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:dell:command\|configure:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:09

Type: CVSS
Values Removed: v2 : unknown; v3 : 7.8
Values Added: v2 : unknown; v3 : 7.3

Type: References
Values Removed: https://www.dell.com/support/kbdoc/000205633 - Patch, Vendor Advisory
Values Added: https://www.dell.com/support/kbdoc/000205633 - Patch, Vendor Advisory

Type: Summary
Values Added:
  • (es) Dell Command | Configure versions 4.8 and prior contain improper folder permissions when installed to a non-secured path instead of the default one. This is a critical vulnerability, as it can lead to privilege escalation, allowing non-administrator users to modify the files inside the installed directory and make the application unavailable for all users.

07 Nov 2023, 03:48

Type: Summary
Values Removed: Dell command configuration, version 4.8 and prior, contains improper folder permissions when installed not to the default path but to a non-secured path, which leads to privilege escalation. This is a critical severity vulnerability, as it allows a non-admin user to modify the files inside the installed directory and to make the application unavailable for all users.
Values Added: Dell command configuration, version 4.8 and prior, contains improper folder permissions when installed not to the default path but to a non-secured path, which leads to privilege escalation. This is a critical severity vulnerability, as it allows a non-admin user to modify the files inside the installed directory and to make the application unavailable for all users.

21 Jul 2023, 18:48

Type: CWE
Values Removed: CWE-668
Values Added: CWE-732

Information

Published : 2023-01-18 12:15

Updated : 2024-11-21 07:09


NVD link : CVE-2022-34457

Mitre link : CVE-2022-34457

CVE.ORG link : CVE-2022-34457



Products Affected

dell

  • command\|configure
CWE
CWE-284

Improper Access Control

CWE-732

Incorrect Permission Assignment for Critical Resource