exploitDog

CVE-2022-34404

Опубликовано: 11 фев. 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 6

EPSS Низкий

Описание

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

Ссылки

https://www.dell.com/support/kbdoc/000203733
Vendor Advisory
https://www.dell.com/support/kbdoc/000203733
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dell:system_update:*:*:*:*:*:*:*:*

Версия до 2.0.1.0 (исключая)

EPSS

Процентиль: 16%

0.0005

Низкий

6.5 Medium

CVSS3

6 Medium

CVSS3

Дефекты

CWE-295

CWE-295

Связанные уязвимости

GHSA-7jvq-hrp2-xm5c

CVSS3: 6

github

почти 3 года назад

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

EPSS

Процентиль: 16%

0.0005

Низкий

6.5 Medium

CVSS3

6 Medium

CVSS3

Дефекты

CWE-295

CWE-295