PT-2018-7193 · Dell · Dell Precision Optimizer

Published

2018-04-24

Updated

2018-06-13

CVE-2017-2802

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Dell Precision Optimizer version 3.5.5.0

Description: A dll hijacking issue exists in the poaService.exe service component. This can be exploited by placing a malicious dll file in a directory pointed to by the PATH environment variable, leading to privilege escalation. An attacker with local access to the vulnerable system can exploit this issue.

Recommendations: For version 3.5.5.0, consider restricting access to the poaService.exe service component until a patch is available. As a temporary workaround, restrict the use of directories pointed to by the PATH environment variable to minimize the risk of exploitation.

Exploit

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2017-2802

Affected Products

Dell Precision Optimizer

PT-2018-7193 · Dell · Dell Precision Optimizer

CVE-2017-2802

Weakness Enumeration

Related Identifiers

Affected Products

References · 4