PT-2023-6777 · Dell · Alienware Update+2

Ycdxsb

Published

2023-02-06

Updated

2023-02-17

CVE-2023-23698

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell Command | Update versions prior to 4.6.0 Dell Update versions prior to 4.6.0 Alienware Update versions prior to 4.7.1

Description The issue is related to an insecure operation on Windows Junction in the installer component, which could be exploited by a local malicious user to delete arbitrary files.

Recommendations For Dell Command | Update versions prior to 4.6.0, update to version 4.6.0 or later. For Dell Update versions prior to 4.6.0, update to version 4.6.0 or later. For Alienware Update versions prior to 4.7.1, update to version 4.7.1 or later.

Fix

Insecure Operation on Windows Junction

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1386

Related Identifiers

BDU:2023-07596

CVE-2023-23698

Affected Products

Alienware Update

Dell Command | Update

Dell Update

PT-2023-6777 · Dell · Alienware Update+2

CVE-2023-23698

Weakness Enumeration

Related Identifiers

Affected Products

References · 6