CVE-2022-34457
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Dell Command | Configure, versions 4.8 and prior, contains improper folder permissions when installed to a non-secured path rather than the default path, which leads to privilege escalation. This is a critical severity vulnerability, as it allows a non-admin user to modify the files inside the installed directory and to make the application unavailable for all users.
Timeline
- 2022-06-23 CVE Reserved
- 2023-01-18 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-10 EPSS Updated
CWE
- CWE-284: Improper Access Control
- CWE-732: Incorrect Permission Assignment for Critical Resource
References (1)
URL | Date | SRC |
---|---|---|
https://www.dell.com/support/kbdoc/000205633 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dell | Command\|configure | < 4.9.0 | - | Affected |