CVE-2023-39254

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Mar 1, 2024

CWE ID 427

Summary

CVE-2023-39254 is a vulnerability affecting Dell Update Package (DUP) versions prior to 4.9.10. This issue involves an Uncontrolled Search Path, which means a malicious user with local system access can manipulate the software's search path to load malicious files, potentially executing arbitrary code with administrative privileges. This vulnerability poses a significant risk, as exploitation does not require network access, making it crucial for users to apply the available patch as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sHwVH8
https://www.cve.org/CVERecord?id=CVE-2023-39254
https://nvd.nist.gov/vuln/detail/CVE-2023-39254

Back to Vulnerability Database

CVE-2023-39254

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations