Strix
26.1K

CVE-2023-22576

HIGHCVSS 7.8/10EPSS 0.13%

Last modified

CVE-2023-22576 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. EPSS estimates a 0.13% chance of exploitation in the next 30 days.

Description

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.13%

3.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DellRepository Manager< 3.4.3

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2023-22576?
Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges using the existing vulnerability in operating system. Exploitation may lead to unavailability of the service.
How severe is CVE-2023-22576?
CVE-2023-22576 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.13% probability of exploitation in the next 30 days.
How do I fix CVE-2023-22576?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-22576?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST