PT-2023-23802 · Dell · Dell Appsync
Published: 2023-09-27 · Updated: 2023-10-02
CVE-2023-32458
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dell AppSync versions 4.4.0.0 through 4.6.0.0
Description
The issue is related to an improper access control vulnerability in the Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation, leading to a privilege escalation.
Recommendations
For Dell AppSync versions 4.4.0.0 through 4.6.0.0, consider updating to a version outside of the affected range to resolve the issue. As a temporary workaround, restrict access to the Embedded Service Enabler component to minimize the risk of exploitation.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Dell Appsync