Dell Command Configure Vulnerability Let Attackers Compromise Vulnerable Systems

It has been discovered that there is a high-severity vulnerability in Dell Command Configure that could potentially be exploited by malicious users to compromise the system.



The vulnerability has been given a CVSS base score of 7.3 and has been classified as CVE-2023-43086. It is important to take note of this vulnerability and take appropriate measures to mitigate the risk of exploitation.



During an application upgrade, a local malicious user can modify files inside the installation folder, which could escalate privileges.



For the impacted products, the company released the remediated versions.



Specifics of the Vulnerability



Dell Command | Configure is a software package that allows you to configure the BIOS on Dell client systems. Using the Dell Command | Configure User Interface (UI) or Command Line Interface (CLI), IT administrators can use this tool to configure BIOS settings and build BIOS packages.



“Dell Command | Configure remediation is available for an improper access control vulnerability that malicious users could exploit to compromise the affected system,” reads Dell Security advisory .






Document

@import url('https://fonts.googleapis.com/css2?family=Poppins&display=swap');
@import url('https://fonts.googleapis.com/css2?family=Poppins&family=Roboto&display=swap');
*{
margin: 0; padding: 0;
text-decoration: none;
}
.container{
font-family: roboto, sans-serif;
width: 90%;
border: 1px solid lightgrey;
padding: 20px;
background: linear-gradient(2deg,#E0EAF1 100%,#BBD2E0 100%);
margin: 20px auto ;
border-radius: 40px 10px;
box-shadow: 5px 5px 5px #e2ebff;
}
.container:hover{
box-shadow: 10px 10px 5px #e2ebff;

}
.container .title{
color: #015689;
font-size: 22px;
font-weight: bolder;
}
.container .title{
text-shadow: 1px 1px 1px lightgrey;
}
.container .title:after {
width: 50px;
height: 2px;
content: ' ';
position: absolute;
background-color: #015689;
margin: 20px 8px;
}
.container h2{
line-height: 40px;
margin: 2px 0;
font-weight: bolder;
}
.container a{

color: #170d51;
}
.container p{
font-size: 18px;
line-height: 30px;

}

.container button{
padding: 15px;
background-color: #4469f5;
border-radius: 10px;
border: none;
background-color: #00456e ;
font-size: 16px;
font-weight: bold;
margin-top: 5px;
}
.container button:hover{
box-shadow: 1px 1px 15px #015689;
transition: all 0.2S linear;

}
.container button a{
color: white;
}
hr{
/* display: none; */
}

Free Webinar

Live API Attack Simulation Webinar
In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked. The session will cover: an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Register for Free

When a system fails to appropriately limit or enforce access to resources—like files, directories, network resources, or application functions—it creates a vulnerability known as improper access control.



Weak access controls, insufficient authorization checks, and excessively permissive access are examples of improper access control flaws.



Affected Versions



Dell Command | Configure, versions before 4.11.0 have a vulnerability related to “ improper access control .”



Affected Products and Remediation






Hence, it is advised that you use the most recent version of the available software and install security patches as soon as possible.



Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial .
The post Dell Command Configure Vulnerability Let Attackers Compromise Vulnerable Systems appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform .