Detections
Analytics

Dell Display Manager 2.1.1.17 Privilege Escalation

high Nessus Plugin ID 178292

Language:

Synopsis

A display control application installed on the remote Windows host is affected by a privilege escalation vulnerability.

Description

The version of Dell Display Manager on the remote Windows host is version 2.1.1.17. It is, therefore affected by a privilege escalation vulnerability. A low privilege user can execute malicious code during installation and uninstallation.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dell Display Manager version 2.1.1.21 or later

See Also

https://www.dell.com/support/kbdoc/en-ie/000215216/dsa-2023-182-dell

Plugin Details

Severity: High

ID: 178292

File Name: dell_display_manager_CVE-2023-32451.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 7/14/2023

Updated: 2/13/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-32451

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:dell:display_manager

Required KB Items: installed_sw/Dell Display Manager, SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 7/5/2023

Vulnerability Publication Date: 7/7/2023

Reference Information

CVE: CVE-2023-32451

IAVB: 2023-B-0050