CVE-2022-34457 HIGH

CVE-2022-34457

Vendor Dell

Product Dell Command Configure (DCC)

Weakness CWE-284

Published January 18, 2023

Last update April 3, 2025

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

Key dates

02Disclosure timeline

January 18, 2023 CVE published

April 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-34457

Related vulnerabilities

CVE-2022-34457

01Description

02Disclosure timeline

03References

04Related CVE