Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1983 vulnerabilities reference this CWE, most recent first.

CVE-2023-43078 (GCVE-0-2023-43078)

Vulnerability from cvelistv5 – Published: 2024-08-28 05:33 – Updated: 2024-08-28 22:31
VLAI
Summary
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Dell Dell Client Platform, Dell Dock Firmware Affected: N/A , < 1.27.0 (semver)
Affected: N/A , < 1.22.0 (semver)
Affected: N/A , < 1.14.1 (semver)
Affected: N/A , < 1.11.0 (semver)
Affected: N/A , < 1.19.0 (semver)
Affected: N/A , < 1.20.0 (semver)
Affected: N/A , < 1.24.0 (semver)
Affected: N/A , < 1.26.0 (semver)
Affected: N/A , < 1.12.0 (semver)
Affected: N/A , < 1.28.0 (semver)
Affected: N/A , < 1.17.0 (semver)
Affected: N/A , < 1.23.0 (semver)
Affected: N/A , < 1.30.0 (semver)
Affected: N/A , < 2.25.0 (semver)
Affected: N/A , < 1.16.0 (semver)
Affected: N/A , < 1.12.1 (semver)
Affected: N/A , < 2.24.0 (semver)
Affected: N/A , < 1.8.0 (semver)
Affected: N/A , < 1.18.0 (semver)
Affected: N/A , < 1.29.0 (semver)
Affected: N/A , < 1.24.1 (semver)
Affected: N/A , < 1.22.1 (semver)
Affected: N/A , < 1.31.0 (semver)
Affected: N/A , < 1.25.0 (semver)
Affected: N/A , < 1.10.0 (semver)
Affected: N/A , < 1.34.0 (semver)
Affected: N/A , < 1.32.0 (semver)
Affected: N/A , < 1.36.0 (semver)
Affected: N/A , < 1.10.1 (semver)
Affected: N/A , < 1.36.2 (semver)
Affected: N/A , < 1.21.1 (semver)
Affected: N/A , < 1.33.0 (semver)
Affected: N/A , < 1.35.0 (semver)
Affected: N/A , < 1.34.2 (semver)
Affected: N/A , < 1.30.1 (semver)
Affected: N/A , < 1.15.0 (semver)
Affected: N/A , < 2.22.0 (semver)
Affected: N/A , < 2.16.0 (semver)
Affected: N/A , < 1.22.2 (semver)
Affected: N/A , < 1.1.37 (semver)
Affected: N/A , < 1.27.1 (semver)
Affected: N/A , < 3.3.2 (semver)
Affected: N/A , < 1.28.1 (semver)
Affected: N/A , < 2.11.1 (semver)
Affected: N/A , < 2.28.0 (semver)
Affected: N/A , < 1.28.8 (semver)
Affected: N/A , < 1.1.16 (semver)
Affected: N/A , < 1.20.1 (semver)
Affected: N/A , < 1.9.0 (semver)
Affected: N/A , < 1.6.1 (semver)
Affected: N/A , < 1.1.15 (semver)
Affected: N/A , < 2.23.0 (semver)
Affected: N/A , < 3.20.0 (semver)
Affected: N/A , < 1.19.1 (semver)
Affected: N/A , < 2.9.0 (semver)
Affected: N/A , < 1.13.0 (semver)
Affected: N/A , < 1.0.14.20 (semver)
Affected: N/A , < 01.00.15 (semver)
Affected: N/A , < 01.00.36 (semver)
Affected: N/A , < 4.62.156.006 (semver)
Affected: N/A , < 4.66.128.015 (semver)
Affected: N/A , < 4.65.111.022 (semver)
Affected: N/A , < 4.61.124.014 (semver)
Affected: N/A , < 4.46.147.004 (semver)
Affected: N/A , < 4.46.134.013 (semver)
Affected: N/A , < 4.66.131.016 (semver)
Affected: N/A , < 4.46.135.009 (semver)
Affected: N/A , < 4.65.162.003 (semver)
Affected: N/A , < 4.65.119.017 (semver)
Affected: N/A , < 4.62.140.014 (semver)
Affected: N/A , < 4.46.166.001 (semver)
Affected: N/A , < 4.65.163.002 (semver)
Affected: N/A , < 4.62.139.013 (semver)
Affected: N/A , < 4.46.112.015 (semver)
Affected: N/A , < 4.65.116.019 (semver)
Affected: N/A , < 4.46.143.009 (semver)
Affected: N/A , < 4.46.145.004 (semver)
Affected: N/A , < 4.65.117.031 (semver)
Affected: N/A , < 4.62.102.024 (semver)
Affected: N/A , < 4.65.108.018 (semver)
Affected: N/A , < 4.69.120.013 (semver)
Affected: N/A , < 4.46.106.031 (semver)
Affected: N/A , < 7.2.2.0 (semver)
Affected: N/A , < 74.64 (semver)
Create a notification for this product.
dell alienware_m15_r6_firmware Affected: 0 , < 1.27.0 (semver)
    cpe:2.3:o:dell:wyse_5070_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3480_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3580_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3583_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3540_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3561_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3640_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_7550_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_7560_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_7750_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_7760_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7780_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7480_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5480_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_9420_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5521_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5500_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5400_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3320_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3580_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3480_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:alienware_m15_r6_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell alienware_m15_r7_firmware Affected: 0 , < 1.22.0 (semver)
    cpe:2.3:o:dell:xps_17_9720_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:xps_13_9300_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:wyse_5470_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_14_3420_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_15_3520_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5570_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5080_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7070_ultra_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3120_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3310_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5310_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_15_3520_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g16_7620_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g15_5510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g15_5520_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:alienware_m15_r7_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell alienware_m16_r1_firmware Affected: 0 , < 1.14.1 (semver)
    cpe:2.3:o:dell:alienware_m18_r1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:alienware_m16_r1_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell alienware_x14_r2_firmware Affected: 0 , < 1.11.0 (semver)
    cpe:2.3:o:dell:vostro_16_5630_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3020_small_desktop_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3020_tower_desktop_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3480_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_all-in-one_7410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_micro_7010_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_micro_plus_7010_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_small_form_factor_7010_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_small_form_factor_plus_7010_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_tower_7010_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_tower_plus_7010_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5440_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7340_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7440_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7640_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3020_desktop_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3020_small_desktop_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_16_5630_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_16_7630_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_14_5430_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_14_7430_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:chengming_3911_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:chengming_3910_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:alienware_x16_r1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:alienware_x14_r2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell chengming_3900_firmware Affected: 0 , < 1.19.0 (semver)
    cpe:2.3:o:dell:xps_13_9305_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3710_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3910_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_5620_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3470_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5470_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_xe4_tower_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7000_micro_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7000_small_form_factor_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7000_tower_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7000_xe_micro_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5000_micro_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5000_small_form_factor_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5000_tower_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3000_micro_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3000_small_form_factor_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3000_tower_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3330_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5330_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5430_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5431_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3910_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_16_5620_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_14_5420_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:chengming_3900_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell chengming_3988_firmware Affected: 0 , < 1.20.0 (semver)
    cpe:2.3:o:dell:xps_15_9520_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_15_7510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3471_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3671_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_7620_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3571_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5570_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5531_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7330_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7430_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7530_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_9430_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3671_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3471_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_16_7610_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_15_7510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:chengming_3988_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell chengming_3991_firmware Affected: 0 , < 1.24.0 (semver)
    cpe:2.3:o:dell:xps_17_9710_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_5090_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3550_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5760_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3070_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5070_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7070_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7071_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_9510_2in1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7700_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7490_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5401_aio_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5401_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5400_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:chengming_3990_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:chengming_3991_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell g15_5511_firmware Affected: 0 , < 1.26.0 (semver)
    cpe:2.3:o:dell:xps_15_9500_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_7500_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3590_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_15_3510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5550_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3280_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5270_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7470_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7770_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7310_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7210_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7200_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5421_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7501_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7500_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_15_3511_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g15_5511_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell g15_5530_firmware Affected: 0 , < 1.12.0 (semver)
    cpe:2.3:o:dell:latitude_7230_rugged_extreme_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3140_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_16_plus_7630_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_14_plus_7430_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g16_7630_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g15_5530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell g3_3500_firmware Affected: 0 , < 1.28.0 (semver)
    cpe:2.3:o:dell:xps_17_9700_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3400_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3401_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3500_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3501_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_5402_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_5502_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3541_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5750_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_xe3_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7060_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5060_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3060_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5401_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5501_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7300_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7320_detachable_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7400_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3501_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5402_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5406_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5409_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5502_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5509_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7306_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7506_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7706_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3430_tower_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g5_5500_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g3_3500_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell g5_5000_firmware Affected: 0 , < 1.17.0 (semver)
    cpe:2.3:o:dell:latitude_9330_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_16_7620_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_14_7420_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g5_5000_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell g5_5090_firmware Affected: 0 , < 1.23.0 (semver)
    cpe:2.3:o:dell:xps_13_7390_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:wyse_5470_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_5880_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3240_compact_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3440_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7080_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7330_rugged_laptop_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5430_rugged_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3310_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3431_tower_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:g5_5090_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell dell_g7_7700_firmware Affected: 0 , < 1.30.0 (semver)
    cpe:2.3:o:dell:precision_3530_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7760_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7460_all_in_one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5260_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5491_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5591_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:dell_g7_7500_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:dell_g7_7700_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell precision_3630_tower_firmware Affected: 0 , < 2.25.0 (semver)
    cpe:2.3:o:dell:vostro_13_5310_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_13_5310_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3630_tower_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_13_5320_firmware Affected: 0 , < 1.16.0 (semver)
    cpe:2.3:o:dell:vostro_5320_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3530_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3430_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_13_5320_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_13_5330_firmware Affected: 0 , < 1.12.1 (semver)
    cpe:2.3:o:dell:inspiron_13_5330_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_14_5410_firmware Affected: 0 , < 2.24.0 (semver)
    cpe:2.3:o:dell:vostro_15_5510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_14_5410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_15_5510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_15_5518_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_14_5418_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_14_5410_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_15_3530_firmware Affected: 0 , < 1.8.0 (semver)
    cpe:2.3:o:dell:vostro_14_3430_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_15_3530_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5480_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_9440_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_15_3530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_24_5411_all-in-one_firmware Affected: 0 , < 1.18.0 (semver)
    cpe:2.3:o:dell:inspiron_27_7710_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_24_5410_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_24_5411_all-in-one_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_3593_firmware Affected: 0 , < 1.29.0 (semver)
    cpe:2.3:o:dell:xps_13_7390_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_7740_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_7540_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7424_rugged_extreme_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5420_rugged_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5424_rugged_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5300_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5300_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3301_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5593_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3793_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3593_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_3880_firmware Affected: 0 , < 1.24.1 (semver)
    cpe:2.3:o:dell:inspiron_3881_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3880_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_3891_firmware Affected: 0 , < 1.22.1 (semver)
    cpe:2.3:o:dell:vostro_5890_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3890_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:vostro_3690_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3450_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_3891_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell inspiron_5301_firmware Affected: 0 , < 1.31.0 (semver)
    cpe:2.3:o:dell:vostro_5301_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_7730_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_7530_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3500_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3400_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3190_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3190_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7400_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_7300_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:inspiron_5301_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_3300_firmware Affected: 0 , < 1.25.0 (semver)
    cpe:2.3:o:dell:xps_15_7590_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:xps_15_9510_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5560_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5540_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3551_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_7090_ultra_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3090_ultra_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_9410_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7400_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5511_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5411_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_3340_firmware Affected: 0 , < 1.10.0 (semver)
    cpe:2.3:o:dell:xps_15_9530_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_5680_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3540_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3440_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3340_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_3420_firmware Affected: 0 , < 1.34.0 (semver)
    cpe:2.3:o:dell:precision_5530_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3520_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_3420_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_5290_firmware Affected: 0 , < 1.32.0 (semver)
    cpe:2.3:o:dell:latitude_5590_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5490_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5290_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_5320_firmware Affected: 0 , < 1.36.0 (semver)
    cpe:2.3:o:dell:precision_3560_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5520_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5320_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_5340_firmware Affected: 0 , < 1.10.1 (semver)
    cpe:2.3:o:dell:precision_3580_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3581_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5540_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5340_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_5420_firmware Affected: 0 , < 1.36.2 (semver)
    cpe:2.3:o:dell:latitude_5420_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_5530_firmware Affected: 0 , < 1.21.1 (semver)
    cpe:2.3:o:dell:precision_3570_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_5530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_7220_rugged_extreme_firmware Affected: 0 , < 1.33.0 (semver)
    cpe:2.3:o:dell:latitude_rugged_7220_extreme_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7220_rugged_extreme_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_7290_firmware Affected: 0 , < 1.35.0 (semver)
    cpe:2.3:o:dell:latitude_7490_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7390_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7290_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_7320_firmware Affected: 0 , < 1.34.2 (semver)
    cpe:2.3:o:dell:latitude_7520_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7420_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7320_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell latitude_9520_firmware Affected: 0 , < 1.30.1 (semver)
    cpe:2.3:o:dell:latitude_9520_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell optiplex_3000_thin_client_firmware Affected: 0 , < 1.15.0 (semver)
    cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell optiplex_3080_firmware Affected: 0 , < 2.22.0 (semver)
    cpe:2.3:o:dell:xps_13_9310_2-in-1_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3080_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell optiplex_3090_firmware Affected: 0 , < 2.16.0 (semver)
    cpe:2.3:o:dell:xps_8940_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_3090_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell optiplex_5090_tower_firmware Affected: 0 , < 1.22.2 (semver)
    cpe:2.3:o:dell:optiplex_7090_tower_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5090_micro_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5090_small_form_factor_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5090_tower_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell optiplex_5400_all-in-one_firmware Affected: 0 , < 1.1.37 (semver)
    cpe:2.3:o:dell:optiplex_7400_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5400_all-in-one_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell optiplex_5490_all-in-one_firmware Affected: 0 , < 1.27.1 (semver)
    cpe:2.3:o:dell:optiplex_7490_all-in-one_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:optiplex_5490_all-in-one_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell precision_3260_xe_compact_firmware Affected: 0 , < 3.3.2 (semver)
    cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3460_xe_small_form_factor_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3260_compact_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:precision_3260_xe_compact_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell precision_3650_tower_firmware Affected: 0 , < 1.28.1 (semver)
    cpe:2.3:o:dell:precision_3650_tower_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell precision_3660_firmware Affected: 0 , < 2.11.1 (semver)
    cpe:2.3:o:dell:precision_3660_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-02-22 06:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:wyse_5070_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3480_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3580_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3583_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3540_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3561_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3640_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_7550_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_7560_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_7750_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_7760_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7780_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7480_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5480_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_9420_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5521_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5400_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3410_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3320_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3580_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3480_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:alienware_m15_r6_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "alienware_m15_r6_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.27.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_17_9720_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:xps_13_9300_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:wyse_5470_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_14_3420_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_15_3520_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5570_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5080_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7070_ultra_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3120_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3310_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5310_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_15_3520_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g16_7620_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g15_5510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g15_5520_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:alienware_m15_r7_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "alienware_m15_r7_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.22.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:alienware_m18_r1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:alienware_m16_r1_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "alienware_m16_r1_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.14.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:vostro_16_5630_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3020_small_desktop_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3020_tower_desktop_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3480_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_all-in-one_7410_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_micro_7010_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_micro_plus_7010_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_small_form_factor_7010_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_small_form_factor_plus_7010_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_tower_7010_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_tower_plus_7010_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5440_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7340_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7440_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7640_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3020_desktop_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3020_small_desktop_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_16_5630_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_16_7630_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_14_5430_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_14_7430_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:chengming_3911_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:chengming_3910_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:alienware_x16_r1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:alienware_x14_r2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "alienware_x14_r2_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.11.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_13_9305_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3710_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3910_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_5620_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3470_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5470_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_xe4_tower_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7000_micro_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7000_small_form_factor_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7000_tower_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7000_xe_micro_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5000_micro_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5000_small_form_factor_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5000_tower_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3000_micro_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3000_small_form_factor_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3000_tower_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3330_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5330_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5430_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5431_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3910_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_16_5620_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_14_5420_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:chengming_3900_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "chengming_3900_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.19.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_15_9520_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_15_7510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3471_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3671_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_7620_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3571_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5570_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5531_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7330_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7430_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7530_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_9430_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3671_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3471_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_16_7610_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_15_7510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:chengming_3988_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "chengming_3988_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.20.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_17_9710_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_5090_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3550_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5760_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3070_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5070_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7070_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7071_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_9510_2in1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5410_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7700_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7490_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5401_aio_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5401_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5400_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:chengming_3990_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:chengming_3991_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "chengming_3991_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.24.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_15_9500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_7500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3590_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_15_3510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5550_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3280_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5270_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7470_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7770_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7410_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7310_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7210_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7200_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5421_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7501_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_15_3511_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g15_5511_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "g15_5511_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.26.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_7230_rugged_extreme_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3140_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_16_plus_7630_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_14_plus_7430_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g16_7630_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g15_5530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "g15_5530_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.12.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_17_9700_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3400_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3401_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3501_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_5402_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_5502_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3541_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5750_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_xe3_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7060_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5060_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3060_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5401_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5501_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7300_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7320_detachable_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7400_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3501_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5402_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5406_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5409_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5502_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5509_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7306_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7506_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7706_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3430_tower_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g5_5500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g3_3500_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "g3_3500_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.28.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_9330_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_16_7620_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_14_7420_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g5_5000_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "g5_5000_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_13_7390_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:wyse_5470_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_5880_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3240_compact_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3440_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7080_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7330_rugged_laptop_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5430_rugged_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3310_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3431_tower_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:g5_5090_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "g5_5090_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.23.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:precision_3530_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7760_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7460_all_in_one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5260_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5491_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5591_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:dell_g7_7500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:dell_g7_7700_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "dell_g7_7700_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.30.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:vostro_13_5310_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_13_5310_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3630_tower_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "precision_3630_tower_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.25.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:vostro_5320_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3530_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3430_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_13_5320_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_13_5320_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:inspiron_13_5330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_13_5330_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.12.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:vostro_15_5510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_14_5410_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5410_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_15_5510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_15_5518_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_14_5418_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_14_5410_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_14_5410_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.24.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:vostro_14_3430_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_15_3530_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5480_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_9440_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_15_3530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_15_3530_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.8.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:inspiron_27_7710_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_24_5410_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_24_5411_all-in-one_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_24_5411_all-in-one_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.18.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_13_7390_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_7740_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_7540_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7424_rugged_extreme_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5420_rugged_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5424_rugged_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5300_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5300_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3301_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5593_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3793_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3593_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_3593_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.29.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:inspiron_3881_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3880_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_3880_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.24.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:vostro_5890_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3890_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:vostro_3690_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3450_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_3891_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_3891_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.22.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:vostro_5301_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_7730_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_7530_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3400_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3190_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3190_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7400_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_7300_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:inspiron_5301_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "inspiron_5301_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.31.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_15_7590_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:xps_15_9510_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5560_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5540_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3551_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_7090_ultra_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3090_ultra_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_9410_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7400_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5511_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5411_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3300_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.25.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_15_9530_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_5680_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3540_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3440_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3340_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3340_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:precision_5530_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3520_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_3420_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3420_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.34.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_5590_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5490_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5290_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5290_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.32.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:precision_3560_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5520_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5320_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5320_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.36.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:precision_3580_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3581_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5540_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5340_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5340_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.10.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_5420_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5420_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.36.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:precision_3570_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_5530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5530_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.21.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_rugged_7220_extreme_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7220_rugged_extreme_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_7220_rugged_extreme_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.33.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_7490_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7390_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7290_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_7290_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.35.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_7520_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7420_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:latitude_7320_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_7320_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.34.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_9520_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_9520_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.30.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "optiplex_3000_thin_client_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_13_9310_2-in-1_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3080_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "optiplex_3080_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.22.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:xps_8940_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_3090_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "optiplex_3090_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:optiplex_7090_tower_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5090_micro_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5090_small_form_factor_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5090_tower_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "optiplex_5090_tower_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.22.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:optiplex_7400_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5400_all-in-one_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "optiplex_5400_all-in-one_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.1.37",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:optiplex_7490_all-in-one_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:optiplex_5490_all-in-one_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "optiplex_5490_all-in-one_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.27.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3460_xe_small_form_factor_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3260_compact_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:precision_3260_xe_compact_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "precision_3260_xe_compact_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "3.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:precision_3650_tower_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "precision_3650_tower_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.28.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:precision_3660_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "precision_3660_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.11.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43078",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T14:17:19.963412Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T22:31:00.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell Client Platform, Dell Dock Firmware",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.14.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.17.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.16.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.8.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.10.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.33.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.35.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.15.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.22.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.16.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.37",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.28.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.8",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.16",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.6.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.15",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.9.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.0.14.20",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "01.00.15",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "01.00.36",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.62.156.006",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.66.128.015",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.65.111.022",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.61.124.014",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.46.147.004",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.46.134.013",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.66.131.016",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.46.135.009",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.65.162.003",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.65.119.017",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.62.140.014",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.46.166.001",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.65.163.002",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.62.139.013",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.46.112.015",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.65.116.019",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.46.143.009",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.46.145.004",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.65.117.031",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.62.102.024",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.65.108.018",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.69.120.013",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "4.46.106.031",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "7.2.2.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "74.64",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-02-22T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service."
            }
          ],
          "value": "Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T05:33:16.899Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000217981/dsa-2023-362-security-update-for-dell-dock-firmware-and-dell-client-platform-for-an-improper-link-resolution-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-43078",
    "datePublished": "2024-08-28T05:33:16.899Z",
    "dateReserved": "2023-09-15T07:02:11.648Z",
    "dateUpdated": "2024-08-28T22:31:00.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-42137 (GCVE-0-2023-42137)

Vulnerability from cvelistv5 – Published: 2024-01-15 13:28 – Updated: 2025-06-17 21:09
VLAI
Summary
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
Impacted products
Vendor Product Version
PAX Technology POS terminals Affected: 0 , ≤ 11.1.50_20230614 (custom)
Create a notification for this product.
Date Public
2024-01-15 11:00
Credits
Hubert Jasudowicz, Adam Kliś and other members of STM Cyber R&D team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:50.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://ppn.paxengine.com/release/development"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42137",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-16T15:42:07.754870Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:09:22.709Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Android"
          ],
          "product": "POS terminals",
          "vendor": "PAX Technology",
          "versions": [
            {
              "lessThanOrEqual": "11.1.50_20230614",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Hubert Jasudowicz, Adam Kli\u015b and other members of STM Cyber R\u0026D team"
        }
      ],
      "datePublic": "2024-01-15T11:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003ePAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe attacker must have shell access to the device in order to exploit this vulnerability. \u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks.\n\n\n\n\nThe attacker must have shell access to the device in order to exploit this vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-10T15:35:56.930Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://ppn.paxengine.com/release/development"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://blog.stmcyber.com/pax-pos-cves-2023/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2024/01/CVE-2023-4818/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/posts/2024/01/CVE-2023-4818/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2023-42137",
    "datePublished": "2024-01-15T13:28:59.106Z",
    "dateReserved": "2023-09-07T13:17:57.372Z",
    "dateUpdated": "2025-06-17T21:09:22.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-42126 (GCVE-0-2023-42126)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:13 – Updated: 2024-08-02 19:16
VLAI
Title
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
Summary
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GDBackupSvc service. By creating a symbolic link, an attacker can abuse the service to create a file with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20694.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
zdi
References
Impacted products
Vendor Product Version
G DATA Total Security Affected: 25.5.14.95
Create a notification for this product.
gdata-software total_security Affected: 0 , < 25.5.14.95 (custom)
    cpe:2.3:a:gdata-software:total_security:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-09-29 22:01
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:gdata-software:total_security:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "total_security",
            "vendor": "gdata-software",
            "versions": [
              {
                "lessThan": "25.5.14.95",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42126",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-16T19:26:04.983685Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T19:33:23.550Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:50.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1493",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1493/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Total Security",
          "vendor": "G DATA",
          "versions": [
            {
              "status": "affected",
              "version": "25.5.14.95"
            }
          ]
        }
      ],
      "dateAssigned": "2023-09-06T21:25:45.540Z",
      "datePublic": "2023-09-29T22:01:25.692Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the GDBackupSvc service. By creating a symbolic link, an attacker can abuse the service to create a file with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20694."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T02:13:32.063Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1493",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1493/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Filip Dragovic (@filip_dragovic)"
      },
      "title": "G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-42126",
    "datePublished": "2024-05-03T02:13:32.063Z",
    "dateReserved": "2023-09-06T21:14:24.437Z",
    "dateUpdated": "2024-08-02T19:16:50.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-42099 (GCVE-0-2023-42099)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:13 – Updated: 2024-08-15 15:50
VLAI
Title
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
Summary
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21846.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
zdi
References
Impacted products
Vendor Product Version
Intel Driver & Support Assistant Affected: 23.3.25.6
Create a notification for this product.
intel driver\&support_assistant Affected: 23.3.25.6
    cpe:2.3:a:intel:driver\&support_assistant:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-09-21 18:10
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intel:driver\\\u0026support_assistant:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "driver\\\u0026support_assistant",
            "vendor": "intel",
            "versions": [
              {
                "status": "affected",
                "version": "23.3.25.6"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42099",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T14:47:24.000027Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T15:50:14.641Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:50.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1449",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1449/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Driver \u0026 Support Assistant",
          "vendor": "Intel",
          "versions": [
            {
              "status": "affected",
              "version": "23.3.25.6"
            }
          ]
        }
      ],
      "dateAssigned": "2023-09-06T21:25:45.367Z",
      "datePublic": "2023-09-21T18:10:14.369Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Intel Driver \u0026 Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver \u0026 Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21846."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T02:13:11.158Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1449",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1449/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "Intel Driver \u0026 Support Assistant Link Following Local Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-42099",
    "datePublished": "2024-05-03T02:13:11.158Z",
    "dateReserved": "2023-09-06T21:14:24.432Z",
    "dateUpdated": "2024-08-15T15:50:14.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-41971 (GCVE-0-2023-41971)

Vulnerability from cvelistv5 – Published: 2024-05-02 13:11 – Updated: 2024-08-06 17:51
VLAI
Title
Windows ZCC Upgrade DoS And Privilege Escalation Through RPC Control
Summary
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
Impacted products
Vendor Product Version
Zscaler Client Connector Affected: 0 , < 3.7 (custom)
Create a notification for this product.
zscaler client_connector Affected: 0 , < 3.7 (custom)
    cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*
Create a notification for this product.
Credits
LMCO Red Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:09:49.420Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021??applicable_category=windows\u0026applicable_version=3.7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "client_connector",
            "vendor": "zscaler",
            "versions": [
              {
                "lessThan": "3.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-02T17:15:44.552151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:51:01.988Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Client Connector",
          "vendor": "Zscaler",
          "versions": [
            {
              "lessThan": "3.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LMCO Red Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.\u003cp\u003eThis issue affects Client Connector on Windows: before 3.7.\u003c/p\u003e"
            }
          ],
          "value": "An Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-73",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-73 User-Controlled Filename"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-02T13:11:07.860Z",
        "orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
        "shortName": "Zscaler"
      },
      "references": [
        {
          "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021??applicable_category=windows\u0026applicable_version=3.7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Windows ZCC Upgrade DoS And Privilege Escalation Through RPC Control",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
    "assignerShortName": "Zscaler",
    "cveId": "CVE-2023-41971",
    "datePublished": "2024-05-02T13:11:07.860Z",
    "dateReserved": "2023-09-06T17:14:12.958Z",
    "dateUpdated": "2024-08-06T17:51:01.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38175 (GCVE-0-2023-38175)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:07
VLAI
Title
Microsoft Windows Defender Elevation of Privilege Vulnerability
Summary
Microsoft Windows Defender Elevation of Privilege Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows Defender Antimalware Platform Affected: 4.0.0.0 , < 1.1.23060.3001 (custom)
Create a notification for this product.
Date Public
2023-08-08 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:14.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Windows Defender Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38175",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:53:48.670730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T21:07:35.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Windows Defender Antimalware Platform",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "1.1.23060.3001",
              "status": "affected",
              "version": "4.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.1.23060.3001",
                  "versionStartIncluding": "4.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Windows Defender Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:59:00.388Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Windows Defender Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175"
        }
      ],
      "title": "Microsoft Windows Defender Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-38175",
    "datePublished": "2023-08-08T17:08:42.860Z",
    "dateReserved": "2023-07-12T23:41:45.863Z",
    "dateUpdated": "2025-02-27T21:07:35.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36903 (GCVE-0-2023-36903)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-01-01 01:58
VLAI
Title
Windows System Assessment Tool Elevation of Privilege Vulnerability
Summary
Windows System Assessment Tool Elevation of Privilege Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < 10.0.17763.4737 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.4737 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < 10.0.17763.4737 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < 10.0.17763.4737 (custom)
Create a notification for this product.
Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.1906 (custom)
Create a notification for this product.
Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.2295 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 21H2 Affected: 10.0.19043.0 , < 10.0.19044.3324 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H2 Affected: 10.0.22621.0 , < 10.0.22621.2134 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 22H2 Affected: 10.0.19045.0 , < 10.0.19045.3324 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < 10.0.10240.20107 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.6167 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.6167 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.6167 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.7601.0 , < 6.1.7601.26664 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.1.7601.0 , < 6.1.7601.26664 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.24414 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.24414 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.21503 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.21503 (custom)
Create a notification for this product.
Date Public
2023-08-08 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T20:23:16.796607Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T20:23:23.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows System Assessment Tool Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4737",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4737",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4737",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4737",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.1906",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2295",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.3324",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.2134",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.3324",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20107",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6167",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6167",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6167",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26664",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26664",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24414",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24414",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21503",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21503",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.4737",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.4737",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.4737",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.4737",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.1906",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2295",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.3324",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.2134",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.3324",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20107",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6167",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6167",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6167",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26664",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26664",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24414",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24414",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21503",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21503",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows System Assessment Tool Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:58:41.494Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows System Assessment Tool Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36903"
        }
      ],
      "title": "Windows System Assessment Tool Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36903",
    "datePublished": "2023-08-08T17:08:24.373Z",
    "dateReserved": "2023-06-27T20:28:49.989Z",
    "dateUpdated": "2025-01-01T01:58:41.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36876 (GCVE-0-2023-36876)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-01-01 01:58
VLAI
Title
Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
Summary
Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Date Public
2023-08-08 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36876",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T18:42:11.942855Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T18:42:20.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26664",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26664",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26664",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26664",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:58:37.580Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876"
        }
      ],
      "title": "Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36876",
    "datePublished": "2023-08-08T17:08:21.064Z",
    "dateReserved": "2023-06-27T20:28:05.990Z",
    "dateUpdated": "2025-01-01T01:58:37.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36874 (GCVE-0-2023-36874)

Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-10-21 23:05
VLAI
Title
Windows Error Reporting Service Elevation of Privilege Vulnerability
Summary
Windows Error Reporting Service Elevation of Privilege Vulnerability
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Affected: 10.0.17763.0 , < 10.0.17763.4645 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1809 Affected: 10.0.0 , < 10.0.17763.4645 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 Affected: 10.0.17763.0 , < 10.0.17763.4645 (custom)
Create a notification for this product.
Microsoft Windows Server 2019 (Server Core installation) Affected: 10.0.17763.0 , < 10.0.17763.4645 (custom)
Create a notification for this product.
Microsoft Windows Server 2022 Affected: 10.0.20348.0 , < 10.0.20348.1850 (custom)
Create a notification for this product.
Microsoft Windows 11 version 21H2 Affected: 10.0.0 , < 10.0.22000.2176 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 21H2 Affected: 10.0.19043.0 , < 10.0.19044.3208 (custom)
Create a notification for this product.
Microsoft Windows 11 version 22H2 Affected: 10.0.22621.0 , < 10.0.22621.1992 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 22H2 Affected: 10.0.19045.0 , < 10.0.19045.3208 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < 10.0.10240.20048 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.6085 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.6085 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.6085 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.6003.0 , < 6.0.6003.22175 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.6003.0 , < 6.0.6003.22175 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.6003.0 , < 6.0.6003.22175 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.7601.0 , < 6.1.7601.26623 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.1.7601.0 , < 6.1.7601.26623 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.24374 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.24374 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.21063 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.21063 (custom)
Create a notification for this product.
Date Public
2023-07-11 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36874",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T22:25:27.249506Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-07-11",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36874"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:43.409Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36874"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-07-11T00:00:00.000Z",
            "value": "CVE-2023-36874 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:10.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Error Reporting Service Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/174843/Microsoft-Error-Reporting-Local-Privilege-Elevation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4645",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4645",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4645",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4645",
              "status": "affected",
              "version": "10.0.17763.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.1850",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2176",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.3208",
              "status": "affected",
              "version": "10.0.19043.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.1992",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.3208",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20048",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6085",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6085",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6085",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22175",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22175",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22175",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26623",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26623",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24374",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24374",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21063",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.21063",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.17763.4645",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.17763.4645",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.4645",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.17763.4645",
                  "versionStartIncluding": "10.0.17763.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.1850",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22000.2176",
                  "versionStartIncluding": "10.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19044.3208",
                  "versionStartIncluding": "10.0.19043.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22621.1992",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19045.3208",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.20048",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.6085",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6085",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.6085",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.22175",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.22175",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "6.0.6003.22175",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26623",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26623",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24374",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24374",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21063",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.21063",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Error Reporting Service Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:52:36.845Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Error Reporting Service Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874"
        }
      ],
      "title": "Windows Error Reporting Service Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36874",
    "datePublished": "2023-07-11T17:03:03.528Z",
    "dateReserved": "2023-06-27T20:26:38.145Z",
    "dateUpdated": "2025-10-21T23:05:43.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-36758 (GCVE-0-2023-36758)

Vulnerability from cvelistv5 – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:17
VLAI
Title
Visual Studio Elevation of Privilege Vulnerability
Summary
Visual Studio Elevation of Privilege Vulnerability
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.7 Affected: 17.7.0 , < 17.7.4 (custom)
Create a notification for this product.
Date Public
2023-09-12 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.221Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.7.4",
              "status": "affected",
              "version": "17.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.7.4",
                  "versionStartIncluding": "17.7.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T18:17:56.973Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-36758",
    "datePublished": "2023-09-12T16:58:30.263Z",
    "dateReserved": "2023-06-27T15:11:59.867Z",
    "dateUpdated": "2025-10-30T18:17:56.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.