CVE-2023-43089

Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:rugged_control_center:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:23

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371 - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~3.3~~	v2 : unknown v3 : 4.4

06 Dec 2023, 18:38

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
CPE		cpe:2.3:a:dell:rugged_control_center::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3
References	~~() https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371 -~~	() https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371 - Vendor Advisory
First Time		Dell Dell rugged Control Center

01 Dec 2023, 02:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-01 02:15

Updated : 2024-11-21 08:23

NVD link : CVE-2023-43089

Mitre link : CVE-2023-43089

CVE.ORG link : CVE-2023-43089

JSON object : View

Products Affected

dell

rugged_control_center

CWE

CWE-284

Improper Access Control

NVD-CWE-Other

{"id": "CVE-2023-43089", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-12-01T02:15:07.063", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000218066/dsa-2023-371", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "\nDell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.\n\n"}, {"lang": "es", "value": "Dell Rugged Control Center, versi\u00f3n anterior a 4.7, no contiene protecci\u00f3n suficiente para la carpeta Pol\u00edtica. Un usuario est\u00e1ndar malicioso local podr\u00eda explotar esta vulnerabilidad para modificar el contenido del archivo de pol\u00edtica, lo que provocar\u00eda un acceso no autorizado a los recursos."}], "lastModified": "2024-11-21T08:23:42.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:rugged_control_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01646831-B95F-4537-A0D0-0BE43594030B", "versionEndExcluding": "4.7"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}