#VU70440 Improper access control in Dell Client/Desktop applications
Vulnerability identifier: #VU70440
Vulnerability risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Alienware m15 Ryzen Edition R5
Hardware solutions /
Firmware
Alienware m15 R6
Hardware solutions /
Firmware
Dell G5 5090
Hardware solutions /
Firmware
Dell G5 5000
Hardware solutions /
Firmware
Alienware Area 51m R2
Hardware solutions /
Firmware
Dell G7 7500
Hardware solutions /
Firmware
Dell G7 7700
Hardware solutions /
Firmware
Alienware x15 R1
Hardware solutions /
Firmware
Alienware x17 R1
Hardware solutions /
Firmware
Alienware m15 R1
Hardware solutions /
Firmware
Alienware m17 R1
Hardware solutions /
Firmware
Dell Gaming G3 3590
Hardware solutions /
Firmware
Dell G3 3500
Hardware solutions /
Firmware
Dell G5 5500
Hardware solutions /
Firmware
Alienware Area 51m R1
Hardware solutions /
Firmware
Alienware Aurora R8
Hardware solutions /
Firmware
Dell G15 5515
Hardware solutions /
Firmware
Dell G15 5510
Hardware solutions /
Firmware
Dell G15 5511
Hardware solutions /
Firmware
Alienware Aurora R10
Hardware solutions /
Firmware
Alienware Aurora R9
Hardware solutions /
Firmware
Alienware Aurora R11
Hardware solutions /
Firmware
Alienware Aurora R12
Hardware solutions /
Firmware
Alienware m15 R3
Hardware solutions /
Firmware
Alienware m15 R4
Hardware solutions /
Firmware
Alienware m17 R3
Hardware solutions /
Firmware
Alienware m17 R4
Hardware solutions /
Firmware
Dell G5 5590
Hardware solutions /
Firmware
Dell G7 7590
Hardware solutions /
Firmware
Dell G7 7790
Hardware solutions /
Firmware
Alienware Aurora R13
Hardware solutions /
Firmware
Alienware m15 R2
Hardware solutions /
Firmware
Alienware m17 R2
Hardware solutions /
Firmware
Realtek High Definition Audio Driver
Hardware solutions /
Drivers
Realtek Audio Console Application
Client/Desktop applications /
Other client software
Vendor: Dell
Description
The vulnerability allows a local user to escalate privileges on the system
The vulnerability exists due to improper access restrictions. A local user can wait for an administrator to launch the application, attach to this process and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
| Product | Module | Update Version | Release Date |
| Alienware m15 Ryzen Edition R5 | Realtek High Definition Audio Driver | 6.0.9433.1 | 12-13-2022 |
| Alienware m15 R6 | Realtek High Definition Audio Driver | 6.0.9400.1 | 10-20-2022 |
| Dell G5 5090 | Realtek High Definition Audio Driver | 6.0.9394.1 | 10-13-2022 |
| Dell G5 5000 | Realtek High Definition Audio Driver | 6.0.9394.1 | 10-13-2022 |
| Alienware Area 51m R2 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-19-2022 |
| Dell G7 7500 | Realtek High Definition Audio Driver | 6.0.9407.1 | 10-18-2022 |
| Dell G7 7700 | Realtek High Definition Audio Driver | 6.0.9407.1 | 10-18-2022 |
| Alienware x15 R1 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9388.1 1.37.275.0 |
09-12-2022 |
| Alienware x17 R1 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9388.1 1.37.275.0 |
09-12-2022 |
| Alienware m15 R1 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-13-2022 |
| Alienware m17 R1 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-13-2022 |
| Dell Gaming G3 3590 | Realtek High Definition Audio Driver | 6.0.9254.1 | 10-25-2022 |
| Dell G3 3500 | Realtek High Definition Audio Driver | 6.0.9422.1 | 10-31-2022 |
| Dell G5 5500 | Realtek High Definition Audio Driver | 6.0.9422.1 | 10-31-2022 |
| Alienware Area 51m R1 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-19-2022 |
| Alienware Aurora R8 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-12-2022 |
| Dell G15 5515 | Realtek High Definition Audio Driver | 6.0.9433.1 | 12-13-2022 |
| Dell G15 5510 | Realtek High Definition Audio Driver | 6.0.9400.1 | 10-27-2022 |
| Dell G15 5511 | Realtek High Definition Audio Driver | 6.0.9400.1 | 10-26-2022 |
| Alienware Aurora R10 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-12-2022 |
| Alienware Aurora R9 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-13-2022 |
| Alienware Aurora R11 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-12-2022 |
| Alienware Aurora R12 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-12-2022 |
| Alienware m15 R3 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-19-2022 |
| Alienware m15 R4 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-19-2022 |
| Alienware m17 R3 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-19-2022 |
| Alienware m17 R4 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-19-2022 |
| Dell G5 5590 | Realtek High Definition Audio Driver | 6.0.9394.1 | 10-11-2022 |
| Dell G7 7590 | Realtek High Definition Audio Driver | 6.0.9394.1 | 10-11-2022 |
| Dell G7 7790 | Realtek High Definition Audio Driver | 6.0.9394.1 | 10-11-2022 |
| Alienware Aurora R13 | Realtek High Definition Audio Driver | 6.0.9388.1 | 10-12-2022 |
| Alienware m15 R2 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-19-2022 |
| Alienware m17 R2 | Realtek High Definition Audio Driver Realtek Audio Console Application |
6.0.9394.1 1.37.275.0 |
10-19-2022 |
Vulnerable software versions
Alienware m15 Ryzen Edition R5: All versions
Alienware m15 R6: All versions
Dell G5 5090: All versions
Dell G5 5000: All versions
Alienware Area 51m R2: All versions
Dell G7 7500: All versions
Dell G7 7700: All versions
Alienware x15 R1: All versions
Alienware x17 R1: All versions
Alienware m15 R1: All versions
Alienware m17 R1: All versions
Dell Gaming G3 3590: All versions
Dell G3 3500: All versions
Dell G5 5500: All versions
Alienware Area 51m R1: All versions
Alienware Aurora R8: All versions
Dell G15 5515: All versions
Dell G15 5510: All versions
Dell G15 5511: All versions
Alienware Aurora R10: All versions
Alienware Aurora R9: All versions
Alienware Aurora R11: All versions
Alienware Aurora R12: All versions
Alienware m15 R3: All versions
Alienware m15 R4: All versions
Alienware m17 R3: All versions
Alienware m17 R4: All versions
Dell G5 5590: All versions
Dell G7 7590: All versions
Dell G7 7790: All versions
Alienware Aurora R13: All versions
Alienware m15 R2: All versions
Alienware m17 R2: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
