CVE-2023-28049

MEDIUM

Dell Command | Monitor < 10.9.1 - Improper Privilege Management

Title source: rule

Description

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.

References (1)

[Patch, Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000211748/dsa-2023-125-dell-command-monitor-dcm

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 7.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269 CWE-267

Status published

Products (1)

dell/command_\|_monitor < 10.9.1

Published Feb 06, 2024

Tracked Since Feb 18, 2026