CVE-2023-25543

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075	Patch Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:power_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:49

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075 - Patch, Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075 - Patch, Vendor Advisory

Information

Published : 2024-02-06 07:15

Updated : 2024-11-21 07:49

NVD link : CVE-2023-25543

Mitre link : CVE-2023-25543

CVE.ORG link : CVE-2023-25543

JSON object : View

Products Affected

power_manager

CWE

CWE-280

Improper Handling of Insufficient Permissions or Privileges

CWE-755

Improper Handling of Exceptional Conditions

{"id": "CVE-2023-25543", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-06T07:15:08.170", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-280"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "\nDell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. \n\n"}, {"lang": "es", "value": "Dell Power Manager, versiones anteriores a la 3.14, contienen una vulnerabilidad de autorizaci\u00f3n incorrecta en el servicio DPM. Un usuario malintencionado con pocos privilegios podr\u00eda explotar esta vulnerabilidad para elevar los privilegios en el sistema."}], "lastModified": "2024-11-21T07:49:41.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:power_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "008626FF-F9D3-483B-9958-AB7FD90CA2CC", "versionEndExcluding": "3.14"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}