Tuesday, June 25, 2024

Dell Command Configure Vulnerability Let Attackers Compromise Vulnerable Systems

A high-severity vulnerability has been discovered in Dell Command Configure that malicious users could potentially exploit to compromise the system.

The vulnerability is tracked as CVE-2023-43086 and has a CVSS base score of 7.3. Administrators should take note of it and take appropriate measures to mitigate the risk of exploitation.

During an application upgrade, a local malicious user can modify files inside the installation folder, which could lead to privilege escalation.

The company has released remediated versions for the impacted products.

Specifics of the Vulnerability

Dell Command | Configure is a software package that allows you to configure the BIOS on Dell client systems. Using the Dell Command | Configure User Interface (UI) or Command Line Interface (CLI), IT administrators can use this tool to configure BIOS settings and build BIOS packages.

“Dell Command | Configure remediation is available for an improper access control vulnerability that malicious users could exploit to compromise the affected system,” reads the Dell security advisory.

When a system fails to appropriately limit or enforce access to resources—like files, directories, network resources, or application functions—it creates a vulnerability known as improper access control.

Weak access controls, insufficient authorization checks, and excessively permissive access are examples of improper access control flaws.

Affected Versions

Dell Command | Configure versions before 4.11.0 are affected by the “improper access control” vulnerability.

Affected Products and Remediation

It is therefore advised that you use the most recent available version of the software and install security patches as soon as possible.
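A host-side check for the condition described above, as an added example that is not from Dell or the original article: it compares the installed version against 4.11.0 and lists ACL entries in the installation folder that grant write-type access to principals outside a trusted list. The registry `DisplayName` pattern, the `-InstallPath` override, and the choice of trusted SIDs are assumptions.

```powershell
# Added example, not Dell's tooling. Run in an elevated PowerShell session.
param(
    [string]  $NamePattern  = 'Dell Command | Configure*',  # assumed DisplayName, based on the product name
    [version] $FixedVersion = '4.11.0',                      # versions before this are affected
    [string]  $InstallPath                                   # optional override if InstallLocation is empty
)

# Assumed trusted writers: SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Rights that allow altering or replacing files, plus raw GENERIC_WRITE / GENERIC_ALL bits.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask   = [int]$rights -bor 0x40000000 -bor 0x10000000

# Standard Windows uninstall keys (64-bit and 32-bit views).
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$apps = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

foreach ($app in $apps) {
    $ver   = $null
    $known = [version]::TryParse([string]$app.DisplayVersion, [ref]$ver)
    $status = if (-not $known) { 'unknown version' }
              elseif ($ver -lt $FixedVersion) { 'BEFORE fixed version' }
              else { 'remediated' }
    Write-Output "$($app.DisplayName) $($app.DisplayVersion): $status"

    $root = if ($InstallPath) { $InstallPath } else { $app.InstallLocation }
    if (-not $root -or -not (Test-Path -LiteralPath $root)) {
        Write-Warning 'Install folder not found; pass -InstallPath to audit its ACLs.'
        continue
    }
    # Report Allow ACEs on the folder and its contents that give write-type access to untrusted SIDs.
    @(Get-Item -LiteralPath $root) +
    @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue) |
        ForEach-Object {
            $path = $_.FullName
            (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
                Where-Object { $_.AccessControlType -eq 'Allow' -and
                               ([int]$_.FileSystemRights -band $mask) -and
                               $_.IdentityReference.Value -notin $trusted } |
                ForEach-Object {
                    [pscustomobject]@{ Path = $path; Sid = $_.IdentityReference.Value
                                       Rights = $_.FileSystemRights; Inherited = $_.IsInherited }
                }
        }
}
```

Any row in the output is a file or folder that a non-administrative principal can change, which is the precondition the advisory describes for tampering during an upgrade.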

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.