CVE-2023-32474

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:display_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:03

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell - Vendor Advisory

Information

Published : 2024-02-06 08:15

Updated : 2024-11-21 08:03

NVD link : CVE-2023-32474

Mitre link : CVE-2023-32474

CVE.ORG link : CVE-2023-32474

JSON object : View

Products Affected

display_manager

CWE

CWE-1386

Insecure Operation on Windows Junction / Mount Point

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2023-32474", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.3}]}, "published": "2024-02-06T08:15:50.647", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1386"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "\nDell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion\n\n"}, {"lang": "es", "value": "La aplicaci\u00f3n Dell Display Manager, versi\u00f3n 2.1.1.17 y anteriores, contiene una operaci\u00f3n no segura en el punto de uni\u00f3n/montaje de Windows. Un usuario malintencionado local podr\u00eda explotar esta vulnerabilidad durante la instalaci\u00f3n, lo que provocar\u00eda la eliminaci\u00f3n de archivos o carpetas arbitrarias."}], "lastModified": "2024-11-21T08:03:25.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:display_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFE32F01-E2FB-439E-8E2D-2A5E59FBC76B", "versionEndExcluding": "2.1.1.21"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}