What is CVE-2023-23698?

CVE-2023-23698 is a vulnerability found in Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 on Windows, which allows a local malicious user to potentially delete arbitrary files.

How severe is CVE-2023-23698?

CVE-2023-23698 has a severity rating of 7.1 (High).

Which software versions are affected by CVE-2023-23698?

Dell Command | Update versions before 4.6.0 and 4.7.1, Dell Update versions before 4.6.0 and 4.7.1, and Alienware Update versions before 4.6.0 and 4.7.1 are affected by CVE-2023-23698.

How can a local malicious user exploit CVE-2023-23698?

A local malicious user can exploit CVE-2023-23698 by taking advantage of an Insecure Operation on Windows Junction in the installer component, which may lead to arbitrary file deletion.

Where can I find more information about CVE-2023-23698?

More information about CVE-2023-23698 can be found at the following link: [Dell Support KB](https://www.dell.com/support/kbdoc/en-us/000208038/dsa-2023-031)

Vulnerability/
CVE-2023-23698

high

7.1

CWE

1386

10/2/2023

16/2/2023

CVE-2023-23698

First published: Fri Feb 10 2023(Updated: )

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
Dell Update	=4.6.0
Dell Update	=4.7.1
Dell Update	=4.6.0
Dell Update	=4.7.1

Remedy

https://www.dell.com/support/kbdoc/en-us/000208038/dsa-2023-031

Never miss a vulnerability like this again

Reference Links

https://www.dell.com/support/kbdoc/en-us/000208038/dsa-2023-031

Frequently Asked Questions

What is CVE-2023-23698?
CVE-2023-23698 is a vulnerability found in Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 on Windows, which allows a local malicious user to potentially delete arbitrary files.
How severe is CVE-2023-23698?
CVE-2023-23698 has a severity rating of 7.1 (High).
Which software versions are affected by CVE-2023-23698?
Dell Command | Update versions before 4.6.0 and 4.7.1, Dell Update versions before 4.6.0 and 4.7.1, and Alienware Update versions before 4.6.0 and 4.7.1 are affected by CVE-2023-23698.
How can a local malicious user exploit CVE-2023-23698?
A local malicious user can exploit CVE-2023-23698 by taking advantage of an Insecure Operation on Windows Junction in the installer component, which may lead to arbitrary file deletion.
Where can I find more information about CVE-2023-23698?
More information about CVE-2023-23698 can be found at the following link: [Dell Support KB](https://www.dell.com/support/kbdoc/en-us/000208038/dsa-2023-031)

agent/weakness
agent/event
agent/author
agent/severity
agent/references
agent/type
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/description
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/dell
canonical/dell update
version/dell update/4.6.0
version/dell update/4.7.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.