CVE-2023-43078
HIGHCVSS 7.3/10EPSS 0.17%
Last modified
CVE-2023-43078 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.62.156.006 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.66.128.015 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.65.111.022 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.61.124.014 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.46.147.004 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.46.134.013 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.66.131.016 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.46.135.009 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.65.162.003 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.65.119.017 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.62.140.014 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.46.166.001 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.65.163.002 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.62.139.013 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.46.112.015 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.65.116.019 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.46.143.009 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.46.145.004 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.65.117.031 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.62.102.024 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.69.120.013 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.65.108.018 |
| Dell | Intel Thunderbolt Controller Firmware Update Utility | < 4.46.106.031 |
| Dell | Tpm 2.0 Firmware Update Utility | < 7.2.2.0 |
| Dell | Alienware M15 R6 Firmware | < 1.27.0 |
| Dell | Alienware M15 R7 Firmware | < 1.22.0 |
| Dell | Alienware M16 R1 Firmware | < 1.14.1 |
| Dell | Alienware M18 R1 Firmware | < 1.14.1 |
| Dell | Alienware X14 R2 Firmware | < 1.11.0 |
| Dell | Alienware X16 R1 Firmware | < 1.11.0 |
| Dell | Chengming 3900 Firmware | < 1.19.0 |
| Dell | Chengming 3910 Firmware | < 1.11.0 |
| Dell | Chengming 3911 Firmware | < 1.11.0 |
| Dell | Chengming 3988 Firmware | < 1.20.0 |
| Dell | Chengming 3990 Firmware | < 1.24.0 |
| Dell | Chengming 3991 Firmware | < 1.24.0 |
| Dell | G15 5510 Firmware | < 1.22.0 |
| Dell | G15 5511 Firmware | < 1.26.0 |
| Dell | G15 5520 Firmware | < 1.22.0 |
| Dell | G15 5530 Firmware | < 1.12.0 |
| Dell | G16 7620 Firmware | < 1.22.0 |
| Dell | G16 7630 Firmware | < 1.12.0 |
| Dell | G3 3500 Firmware | < 1.28.0 |
| Dell | G5 5000 Firmware | < 1.17.0 |
| Dell | G5 5090 Firmware | < 1.23.0 |
| Dell | G5 5500 Firmware | < 1.28.0 |
| Dell | G7 7500 Firmware | < 1.30.0 |
| Dell | G7 7700 Firmware | < 1.30.0 |
| Dell | Inspiron 13 5310 Firmware | < 2.25.0 |
| Dell | Inspiron 13 5320 Firmware | < 1.16.0 |
Showing 50 of 368 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-43078?
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
How severe is CVE-2023-43078?
CVE-2023-43078 has a CVSS score of 7.3/10 (HIGH severity). The EPSS model estimates a 0.17% probability of exploitation in the next 30 days.
How do I fix CVE-2023-43078?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2023-43078?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST