Dell Repository Manager 3.4.2- InsMod LPE via OS CVE-2023-22576
CVE-2023-22576 Published on August 21, 2024
Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.
Vulnerability Analysis
CVE-2023-22576 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2023-22576
Want to know whenever a new CVE is published for Dell Repository Manager? stack.watch will email you.
Affected Versions
Dell Repository Manager (DRM):- Before and including 3.4.2 is affected.
- Before and including 3.4.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.