CVE-2023-43086 HIGH

CVE-2023-43086

Vendor Dell
Product Dell Command Configure (DCC)
Weakness CWE-284
Published November 23, 2023
Last update August 2, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

Key dates

02Disclosure timeline

November 23, 2023 CVE published
August 2, 2024 Record updated