Incorrect default permissions vulnerability in Dell Digital Delivery versions prior to 3.5.2015

Overview :
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.
Affected Product(s) :
Dell Digital Delivery versions prior to 3.5.2015

Alienware Digital Delivery versions prior to 3.5.2015

Vulnerability Details :
CVE ID :

CVE-2020-5342

Solution :

The following Dell/Alienware Digital Delivery releases contain a resolution to these vulnerabilities:

  • Dell Digital Delivery versions 3.5.2015 and later
  • Alienware Digital Delivery versions 3.5.2015 and later

Dell recommends all customers upgrade at the earliest opportunity.

Please visit the Dell Support Drivers and Downloads site for updates on the applicable products.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-37708 : DOCKER 20.10.15 BUILD FD82621 PERMISSION

CVE-2022-37708 : DOCKER 20.10.15 BUILD FD82621 PERMISSION

Description Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any

CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

Description There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

Description The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions