Saturday, November 2, 2024
HomeCVE/vulnerabilityMultiple Vulnerabilities with Pre-installed Packages open Dell systems to Hack

Multiple Vulnerabilities with Pre-installed Packages open Dell systems to Hack

Published on

Malware protection

Security experts from Talos discovered a couple of vulnerabilities in Dell Precision software which allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user.

CVE-2016-9038

This vulnerability exists with Invincea-X, Dell Protected Workspace 6.1.3-24058 and attacker can trigger this vulnerability by sending crafted data to the \Device\SandboxDriverApi device driver which is read/write Open to everyone.

A Successful exploitation ends in an arbitrary value written to kernel memory space, that can lead to local privilege escalation.

- Advertisement - SIEM as a Service

For More details on Vulnerability Report TALOS-2016-0256.

Also Read Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine

CVE-2016-8732

Due to inadequate restrictions on the driver communications channel, as well as inadequate validation, an attacker controlled application that is executed on an affected system could leverage this driver to effectively disable some of the protection mechanisms provided by the software.

This security vulnerability found in one of the driver components, ‘InvProtectDrv.sys’ with version 5.1.1-22303 and the vulnerability is fixed with version 6.3.0.

For More details on Vulnerability Report TALOS-2016-0246.

Also Read WordPress Visitor Statistics Plugin found Vulnerable to SQL Injection

CVE-2017-2802

This vulnerability exists with Dell Ppo Service, upon execution the program will load atiadlxx.dll which is not present in application default directory. Application searches for an appropriately named DLL in the directories defined by the PATH environment variable.

If it finds a DLL with the same name, it will load the DLL into poaService.exe without verifying the signature of the DLL. This can lead to the execution of arbitrary code if an attacker supplies a malicious DLL of the correct name.

Vulnerability exists with PPR Monitoring Plugin 3.5.5.0 and versions from v4.0 onwards are not vulnerable

For More details on Vulnerability Report TALOS-2016-2047.

Talos recommend's that organizations using affected versions of this solution
update to the latest version as quickly as possible to ensure that the protections
provided by this software cannot be bypassed by an attacker. Organizations need
to carefully consider the risks and benefits of software bundled with devices.

Also Read Lenovo VIBE Mobile Phones Vulnerable to Local Root Privilege Escalation

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to...

SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows

Open Policy Agent (OPA) recently patched a critical vulnerability that could have exposed NTLM...

Vulnerabilities in Realtek SD Card Reader Driver Impacts Dell, Lenovo, & Others Laptops

Multiple vulnerabilities have been discovered in the Realtek SD card reader driver, RtsPer.sys, affecting...