CVE-2023-28049

Published: Feb 6, 2024Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.

Affected (1)

Products: Dell: Command | Monitor

Dell

1 product

Command | Monitor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Command \| Monitor	Before 10.9.1

Related CWEs

CWE-267

Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.dell.com/support/kbdoc/en-us/000211748/dsa-2023-125-dell-command-monitor-dcm

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/en-us/000211748/dsa-2023-125-dell-command-monitor-dcm

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.