CVE-2023-23697
In short
Dell Command | Intel vPro Out of Band (before version 4.4.0) has a flaw that allows a logged-in user to delete any folder on the system during the uninstallation process. This could be exploited to damage or disable the system by removing important files.
Technical detail
The vulnerability exists in the uninstallation routine of Dell Command | Intel vPro Out of Band versions prior to 4.4.0, where insufficient path validation allows arbitrary folder deletion. An authenticated local attacker can exploit this by manipulating the uninstallation process to delete critical system or application directories, resulting in denial of service or system instability.
Summary generated and translated by AI from the official description.
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Dell · Dell Command Update (DCU)