CVE-2023-43078

CWE-593 documents3 sources

Severity

7.3HIGH

EPSS

0.1%

top 82.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

346

Dell Alienware M15 R6 Firmware Dell Alienware M15 R7 Firmware Dell Alienware M16 R1 Firmware +343 more

Timeline

PublishedAug 28

Description

Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages346 packages

▶NVDdell/optiplex_3000_thin_client_firmware< 1.15.0

▶NVDdell/dock_wd19_firmware_update_utility01.00.36

▶NVDdell/dock_hd22q_firmware_update_utility01.00.15

▶NVDdell/dock_wd22tb4_firmware_update_utility01.00.36

▶NVDdell/universal_dock_ud22_firmware_update_utility1.0.14.20

🔴Vulnerability Details

CVEList

CVE-2023-43078: Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deleti↗2024-08-28

▶

GHSA

GHSA-296j-r9gr-7w2c: Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deleti↗2024-08-28

▶