CVE Published: 28/08/2024 |
CVE Updated: 28/08/2024 |
CVE Year: 2023 Source: dell |
Vendor: Dell |
Product: Dell Client Platform, Dell Dock Firmware Status : PUBLISHED
CVE-2023-43078 Description
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
Metrics
CVSS Version: 3.1 |
Base Score: 6.7 MEDIUM Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* LOW User Interaction (UI)* REQUIRED Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-59 CWE Name: CWE-59: Improper Link Resolution Before File Access (
Link Following
) Source: Dell
Common Attack Pattern Enumeration and Classification (CAPEC)