Vulnerabilities > CVE-2022-34458 - Unspecified vulnerability in Dell Alienware Update, Command Update and Update

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

dell

NVD

Published: 2023-02-01

Updated: 2023-11-07

Summary

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Command Update - Dell Command Update 3.1 Dell Command Update 4.4.0 Dell Command Update 4.5.0 Dell Command Update 4.6.0 Dell Alienware Update - Dell Alienware Update 4.4.0 Dell Alienware Update 4.5.0 Dell Alienware Update 4.6.0 Dell Update - Dell Update 4.4.0 Dell Update 4.5.0	12

References

https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298