CVE-2023-39257

Published Dec 2, 2023

Last updated 6 months ago

Overview

Description: Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security_alert@emc.com: CWE-284
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:rugged_control_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01646831-B95F-4537-A0D0-0BE43594030B",
            "versionEndExcluding": "4.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.