CVE-2023-25543

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:power_manager:*:*:*:*:*:*:*:*

History

12 Feb 2024, 17:12

Type	Values Removed	Values Added
CWE		CWE-755
CPE		cpe:2.3:a:dell:power_manager::::::::
First Time		Dell power Manager Dell
References	~~() https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075 -~~	() https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075 - Patch, Vendor Advisory

06 Feb 2024, 13:53

Type	Values Removed	Values Added
Summary		(es) Dell Power Manager, versiones anteriores a la 3.14, contienen una vulnerabilidad de autorización incorrecta en el servicio DPM. Un usuario malintencionado con pocos privilegios podría explotar esta vulnerabilidad para elevar los privilegios en el sistema.

06 Feb 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-06 07:15

Updated : 2024-02-12 17:12

NVD link : CVE-2023-25543

Mitre link : CVE-2023-25543

CVE.ORG link : CVE-2023-25543

JSON object : View

Products Affected

dell

power_manager

CWE

CWE-755

Improper Handling of Exceptional Conditions

CWE-280

Improper Handling of Insufficient Permissions or Privileges

{"id": "CVE-2023-25543", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-06T07:15:08.170", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-755"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-280"}]}], "descriptions": [{"lang": "en", "value": "\nDell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system. \n\n"}, {"lang": "es", "value": "Dell Power Manager, versiones anteriores a la 3.14, contienen una vulnerabilidad de autorizaci\u00f3n incorrecta en el servicio DPM. Un usuario malintencionado con pocos privilegios podr\u00eda explotar esta vulnerabilidad para elevar los privilegios en el sistema."}], "lastModified": "2024-02-12T17:12:13.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:power_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "008626FF-F9D3-483B-9958-AB7FD90CA2CC", "versionEndExcluding": "3.14"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}