Dell Command Update

Dell Update <=5.4 UWP Dangerous Method DoS
CVE-2024-28962 7.5 - High - August 06, 2024

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Externally Controlled Reference to a Resource in Another Sphere

Dell Command Update local PrivEsc via unsafe Windows junction (pre4.8.0)
CVE-2023-28065 7.3 - High - June 23, 2023

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

insecure temporary file

Dell Command Update <=4.9.0 insecure junction mount point => DOS
CVE-2023-28071 7.1 - High - June 23, 2023

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

insecure temporary file

Dell SupportAssist Client Pre-3.11.1 LPE via Advanced Driver Restore
CVE-2022-34384 7.8 - High - February 11, 2023

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

Improper Privilege Management

Dell Command Update <=4.6.0 & <=4.7.1 Windows Junction Arbitrary Delete
CVE-2023-23698 7.1 - High - February 10, 2023

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.

Dell Command Update v<4.7 Improper Crypto Signature Verification
CVE-2022-34459 7.8 - High - February 01, 2023

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

Improper Verification of Cryptographic Signature

Dell Command Update <4.7 USS Vulnerability Exposing Sensitive System Info
CVE-2022-34458 5.5 - Medium - February 01, 2023

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.

Dell Command Update <4.6.0 LPE via custom catalog config
CVE-2022-34382 7.8 - High - September 02, 2022

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.

Dell Command | Update
CVE-2022-24426 7.8 - High - April 01, 2022

Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

DLL preloading

Dell Command | Update
CVE-2021-36277 7.8 - High - August 09, 2021

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.

Improper Verification of Cryptographic Signature

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability
CVE-2019-3749 5.5 - Medium - December 03, 2019

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.

insecure temporary file

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability
CVE-2019-3750 5.5 - Medium - December 03, 2019

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.

insecure temporary file