History: Feb 11, 2023 - 1:23 a.m.

CVE-2022-34404

2023-02-11 01:23:24
CWE-295
web.nvd.nist.gov
cve-2022-34404
dell system update
improper certificate validation
data parser module
local attacker
privilege escalation
credential theft
denial of service

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score: 5.8 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation vulnerability in the data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

Affected configurations

NVD
Node: dell system_update, Range: <2.0.1.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "System Update",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "2.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
