漏洞标题
N/A
漏洞描述信息
Dell Client Consumer和 Commercial Dock Firmware Update Utilities 包含一个 arbitrary File Overwrite 漏洞。该漏洞仅限于在管理员执行时的时间窗口内,由 Dell Dock Firmware Update Utilities 执行。在此时间窗口内,一个经本地验证的低特权恶意用户可以通过通过链接攻击欺骗管理员 overwrite 任意文件。该漏洞不会影响更新 utility 实际二进制包的传输。
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
漏洞类别
对搜索路径元素未加控制
漏洞标题
Dell Dock Firmware Update Utilities 代码问题漏洞
漏洞描述信息
Dell Dock Firmware Update Utilities是美国戴尔(Dell)公司的一款用于Dell扩展坞的固件更新实用程序。 Dell Dock Firmware Update Utilities(用于Dell Client Consumer和Commercial扩展坞)中存在代码问题漏洞。本地攻击者可通过进行符号链接攻击利用该漏洞覆盖任意文件。
CVSS信息
N/A
漏洞类别
代码问题