Multiple vulnerabilities in Dell Display Manager
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-28047 CVE-2023-28046 |
| CWE-ID | CWE-269 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Display Manager Other software / Other software solutions |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Privilege Management
EUVDB-ID: #VU79765
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28047
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to Dell Display Manager contains an arbitrary file or folder creation vulnerability during installation. A local user can escalate privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsDisplay Manager: before 2.1.1
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000211727/dsa-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Privilege Management
EUVDB-ID: #VU79766
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28046
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to delete arbitrary files on the operating system with high privilege.
The vulnerability exists due to improper privilege management. A local user can delete arbitrary files on the operating system with high privilege.
MitigationInstall update from vendor's website.
Vulnerable software versionsDisplay Manager: before 2.1.1
External linkshttp://www.dell.com/support/kbdoc/nl-nl/000211727/dsa-2023
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
