ASA-2019-00645 – Dell EMC iDRAC: Improper Authorization Vulnerability

Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote, authenticated iDRAC user with low privileges could exploit this vulnerability to obtain sensitive information such as password hashes.

ASA-2019-00373 – PC-Doctor Toolbox: Uncontrolled Search Path Element

An uncontrolled search path element vulnerability in PC-Doctor Toolbox prior to version 7.3 allows local users to gain privileges by conducting DLL hijacking attacks: a trojan horse DLL placed in an unsecured directory that has been added to the PATH environment variable is loaded in place of the legitimate library.
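The practical check for this class of bug is an audit of the search path itself: any PATH entry that a low-privileged user can write to, or that does not exist and could therefore be created by such a user, is a DLL planting location, and the earlier it sits in PATH the more libraries it shadows. The following is an added example written for this page, not PC-Doctor or Dell code. It builds a constructed PATH in a temporary directory so it runs offline; the mode-bit test is what applies on POSIX systems, and on Windows the `writable` callback is the hook for an ACL-based check (for instance parsing `icacls` output), since Windows ACLs are not reflected in `st_mode`.

```python
import os
import stat
import tempfile


def audit_path(path_value, sep=os.pathsep, writable=None):
    """Return (index, entry, reason) tuples for PATH entries an attacker could plant a DLL in.

    `writable` is an optional callable(dir) -> bool that overrides the POSIX
    mode-bit check; on Windows it should wrap an ACL query (assumption: caller supplies it).
    Order is preserved because the loader searches PATH left to right.
    """
    findings = []
    for idx, entry in enumerate(path_value.split(sep)):
        if not entry:
            # An empty element is interpreted as the current directory by many loaders.
            findings.append((idx, entry, "empty entry (current directory)"))
            continue
        try:
            st = os.stat(entry)
        except FileNotFoundError:
            # A missing directory can be created, and then owned, by whoever gets there first.
            findings.append((idx, entry, "missing directory"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((idx, entry, "not a directory"))
            continue
        if writable is not None:
            if writable(entry):
                findings.append((idx, entry, "writable by low-privileged users"))
        elif st.st_mode & stat.S_IWOTH:
            # World-writable (sticky bit or not): new files can still be created here.
            findings.append((idx, entry, "world-writable directory"))
    return findings


def make_demo_path(base):
    """Constructed sample PATH: a safe dir, a world-writable dir, and a missing dir."""
    safe = os.path.join(base, "safe")
    os.mkdir(safe)
    os.chmod(safe, 0o755)
    loose = os.path.join(base, "loose")
    os.mkdir(loose)
    os.chmod(loose, 0o777)
    missing = os.path.join(base, "gone")
    return os.pathsep.join([safe, loose, missing])


def run_demo():
    """Audit the constructed PATH and return just the reasons, in PATH order."""
    with tempfile.TemporaryDirectory() as base:
        return [reason for _, _, reason in audit_path(make_demo_path(base))]


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

When run against the real environment (`audit_path(os.environ["PATH"])`), the index in each finding matters as much as the reason: a writable directory at position 0 is searched before the system directories and will satisfy any lookup for a library name that does not exist in the application directory. Fixing such a finding means removing the entry or tightening its ACL, not merely rebuilding PATH for one user.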

ASA-2019-00372 – Dell SupportAssist: Improper Privilege Management Vulnerability

Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs have been updated to address a vulnerability that could be exploited to compromise the system. Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs versions 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an improper privilege management vulnerability. A malicious local user can exploit it by inheriting a system-privileged thread through a leaked thread handle, thereby gaining system privileges on the affected machine.

ASA-2019-00262 – Dell SupportAssist Client: Remote Code Execution Vulnerability

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker sharing the network access layer with the vulnerable system can compromise it by tricking a victim user into downloading and executing arbitrary executables, via the SupportAssist client, from attacker-hosted sites.

ASA-2019-00261 – Dell SupportAssist Client: Improper Origin Validation

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could exploit this vulnerability to mount CSRF attacks against users of affected systems.
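Both SupportAssist advisories above (ASA-2019-00262 and ASA-2019-00261) concern requests that reach a locally installed client from web content it should not trust, and the second names the root cause as improper origin validation. The example below is added for this page and is not Dell's code; the allowlisted hostname `example.invalid` is a placeholder, and the page does not say how SupportAssist actually validates origins. It shows the weak pattern a developer often reaches for, a substring test on the raw `Origin` header, next to a strict check that parses the header and compares scheme, host and port exactly, refuses the `null` origin, and falls back to `Referer` only when `Origin` is absent.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for the local service: exact (scheme, host, port) tuples.
TRUSTED_ORIGINS = {("https", "example.invalid", 443)}


def normalize_origin(value):
    """Parse an Origin or Referer header into (scheme, host, port), or None if unusable."""
    try:
        parts = urlsplit(value)
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https") or not parts.hostname:
            return None  # covers "null", bare words, and non-web schemes
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:  # malformed port such as "https://host:abc"
        return None
    return (scheme, parts.hostname.lower(), port)


def is_trusted_request(headers, trusted=TRUSTED_ORIGINS):
    """Strict check: exact origin match; no provenance at all is treated as untrusted."""
    origin = headers.get("Origin")
    if origin is None:
        # Browsers always send Origin on cross-site POST; Referer is a weaker fallback
        # for same-site navigations that omit it.
        origin = headers.get("Referer")
    if origin is None:
        return False
    normalized = normalize_origin(origin)
    return normalized is not None and normalized in trusted


def is_trusted_request_weak(headers, trusted_name="example.invalid"):
    """The flawed pattern: a substring match on the raw header value."""
    return trusted_name in headers.get("Origin", "")


# Constructed header sets, as a browser would send them with a cross-site request.
SAMPLE_REQUESTS = {
    "legit":        {"Origin": "https://example.invalid"},
    "lookalike":    {"Origin": "https://example.invalid.attacker.test"},
    "in_query":     {"Origin": "https://attacker.test/?r=example.invalid"},
    "null_origin":  {"Origin": "null"},
    "plain_http":   {"Origin": "http://example.invalid"},
}


def compare_checks(requests=SAMPLE_REQUESTS):
    """Return {name: (weak_result, strict_result)} for each constructed request."""
    return {name: (is_trusted_request_weak(h), is_trusted_request(h))
            for name, h in requests.items()}


if __name__ == "__main__":
    for name, (weak, strict) in compare_checks().items():
        print(f"{name:12s} weak={weak!s:5s} strict={strict}")
```

The comparison shows the two classes of bypass the weak check admits: a hostname that merely contains the trusted name, and the trusted name appearing anywhere else in the header. An origin check of this kind is a defence against CSRF only for the browser-initiated case; a native process on the same host can set any `Origin` it likes, so a local service should also bind to the loopback interface and require an unguessable per-session token rather than rely on origin alone.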

ASA-2018-00017 – Dell EMC Integrated Data Protection Appliance: Undocumented Accounts Vulnerability

Integrated Data Protection Appliance (iDPA) versions 2.0, 2.1, and 2.2 contain undocumented accounts named "support" and "admin" that are protected only by default passwords. These accounts have limited privileges and can access only certain system files, but a malicious user who knows the default passwords could log in, gain read and write access to those files, and potentially use that access to compromise the affected system.