History: Feb 10, 2023 - 8:30 p.m.

CVE-2022-34404

2023-02-10 20:30:31
CWE-295
dell
www.cve.org
dell system update
certificate validation
local attacker
privilege escalation
credential theft
denial of service

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.0004 Low
Percentile: 5.1%

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation vulnerability in the data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "System Update",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "2.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
