Incorrect default permissions vulnerability in Dell Digital Delivery versions prior to 3.5.2015

Overview :
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.
Affected Product(s) :
Dell Digital Delivery versions prior to 3.5.2015

Alienware Digital Delivery versions prior to 3.5.2015

Vulnerability Details :
CVE ID :

CVE-2020-5342

Solution :

The following Dell/Alienware Digital Delivery releases contain a resolution to these vulnerabilities:

  • Dell Digital Delivery versions 3.5.2015 and later
  • Alienware Digital Delivery versions 3.5.2015 and later

Dell recommends all customers upgrade at the earliest opportunity.

Please visit the Dell Support Drivers and Downloads site for updates on the applicable products.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-42457 : GENEREX CS141 PRIOR 2.08 WEB INTERFACE GXSERVE-UPDATE.SH RUN_UPDATE PRIVILEGE ESCALATION

CVE-2022-42457 : GENEREX CS141 PRIOR 2.08 WEB INTERFACE GXSERVE-UPDATE.SH RUN_UPDATE PRIVILEGE ESCALATION

Description Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION

Description A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

Description An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable