CVE-2023-25542

EPSS 0.04%
Published 06.04.2023 07:15:06
Last modified 21.11.2024 07:49:41
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Trusted Device Agent Version < 5.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.112

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security_alert@emc.com	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://www.dell.com/support/kbdoc/en-us/000209461/dsa-2023-074

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-25542

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25542

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25542

EUVD