PT-2024-12786 · Dell · Dell Update Package
Dohyun Lee
·
Published
2024-03-01
·
Updated
2025-01-31
·
CVE-2023-39254
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell Update Package (DUP) versions prior to 4.9.10
Description
The issue allows a malicious user with local access to the system to potentially exploit it and run arbitrary code as admin. This is due to an Uncontrolled Search Path vulnerability.
Recommendations
For versions prior to 4.9.10, update to version 4.9.10 or later to resolve the issue.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Update Package