Advisory for Dell Security Update

  • NIC-CERT/2022-12/514
  • Date: 2022-12-20
  • CVE ID: Multiple
  • Severity: Critical

Description:

A vulnerability has been found in Dell products which could allow an attacker to take control of the affected system.

Security Issues fixed:

Dell OpenManage Server Administrator (OMSA), Dell Wyse Management Suite (WMS), and Dell Client Consumer remediation is available for a DLL Injection Vulnerability; Dell Client Consumer platform remediation is available for a Realtek High-Definition Audio Driver vulnerability; and Dell NetWorker Management Console remediation is available for an Apache vulnerability on port 9090. These vulnerabilities may be exploited by malicious users to compromise the affected system.

Details:

Proprietary Code CVEs

Description

CVE-2022-34396

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

CVE-2022-46754

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.

CVE-2022-46755

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially edit general client policy for which the user is not authorized.

CVE-2022-46677

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially create a subgroup under a group for which the admin is not authorized.

CVE-2022-46678

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. An authenticated malicious admin user may potentially edit general client policy for which the user is not authorized.

CVE-2022-46676

Wyse Management Suite 3.8 and earlier contain an improper access control vulnerability. A malicious admin user may potentially disable or delete users under administration and unassigned admins for which the group admin is not authorized.

CVE-2022-46675

Wyse Management Suite Repository 3.8 and earlier contain an information disclosure vulnerability in error pages with which an attacker may potentially discover the internal structure of the application and its components and use this information for further vulnerability research.

CVE-2022-34405

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated attacker may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

Affected Products and Solution:

| Product | Affected Versions | Updated Versions | Link To Update |
|---|---|---|---|
| Dell OpenManage Server Administrator (OMSA) | Version 10.3.0.0 and earlier | Dell OpenManage Server Administrator hotfix 246014 for Windows | https://www.dell.com/support/home/drivers/driversdetails?driverid=VR638 |
| Dell Wyse Management Suite | 3.8 and earlier | 4.0 | Dell Wyse Management Suite |
| Dell Wyse Management Suite Repository | 3.8 and earlier | 4.0 | Dell Wyse Management Suite Repository |


| Product | Affected Versions | Updated Versions or later | Link to Update |
|---|---|---|---|
| R6515 | Before 2.9.3 | 2.9.3 | R6515 Drivers & Downloads |
| R7515 | Before 2.9.3 | 2.9.3 | R7515 Drivers & Downloads |
| R6525 | Before 2.9.3 | 2.9.3 | R6525 Drivers & Downloads |
| R7525 | Before 2.9.3 | 2.9.3 | R7525 Drivers & Downloads |
| XE8545 | Before 2.9.4 | 2.9.4 | XE8545 Drivers & Downloads |
| C6525 | Before 2.9.4 | 2.9.4 | C6525 Drivers & Downloads |
| R6415 | Before 1.19.0 | 1.19.0 | R6415 Drivers & Downloads |
| R7415 | Before 1.19.0 | 1.19.0 | R7415 Drivers & Downloads |
| R7425 | Before 1.19.0 | 1.19.0 | R7425 Drivers & Downloads |
| R750 | Before 1.8.2 | 1.8.2 | R750 Drivers & Downloads |
| R750XA | Before 1.8.2 | 1.8.2 | R750XA Drivers & Downloads |
| R650 | Before 1.8.2 | 1.8.2 | R650 Drivers & Downloads |
| C6520 | Before 1.8.2 | 1.8.2 | C6520 Drivers & Downloads |
| MX750c | Before 1.8.2 | 1.8.2 | MX750c Drivers & Downloads |
| R450 | Before 1.8.2 | 1.8.2 | R450 Drivers & Downloads |
| R550 | Before 1.8.2 | 1.8.2 | R550 Drivers & Downloads |
| R650xs | Before 1.8.2 | 1.8.2 | R650xs Drivers & Downloads |
| R750xs | Before 1.8.2 | 1.8.2 | R750xs Drivers & Downloads |
| T550 | Before 1.8.2 | 1.8.2 | T550 Drivers & Downloads |
| XR11 | Before 1.8.2 | 1.8.2 | XR11 Drivers & Downloads |
| XR12 | Before 1.8.2 | 1.8.2 | XR12 Drivers & Downloads |
| R250 | Before 1.4.2 | 1.4.2 | R250 Drivers & Downloads |
| R350 | Before 1.4.2 | 1.4.2 | R350 Drivers & Downloads |
| T150 | Before 1.4.2 | 1.4.2 | T150 Drivers & Downloads |
| T350 | Before 1.4.2 | 1.4.2 | T350 Drivers & Downloads |
| R740 | Before 2.16.1 | 2.16.1 | R740 Drivers & Downloads |
| R740XD | Before 2.16.1 | 2.16.1 | R740XD Drivers & Downloads |
| R640 | Before 2.16.1 | 2.16.1 | R640 Drivers & Downloads |
| R940 | Before 2.16.1 | 2.16.1 | R940 Drivers & Downloads |
| R540 | Before 2.16.1 | 2.16.1 | R540 Drivers & Downloads |
| R440 | Before 2.16.1 | 2.16.1 | R440 Drivers & Downloads |
| T440 | Before 2.16.1 | 2.16.1 | T440 Drivers & Downloads |
| XR2 | Before 2.16.1 | 2.16.1 | XR2 Drivers & Downloads |
| R740XD2 | Before 2.16.1 | 2.16.1 | R740XD2 Drivers & Downloads |
| R840 | Before 2.16.1 | 2.16.1 | R840 Drivers & Downloads |
| R940XA | Before 2.16.1 | 2.16.1 | R940XA Drivers & Downloads |
| T640 | Before 2.16.1 | 2.16.1 | T640 Drivers & Downloads |
| C6420 | Before 2.16.1 | 2.16.1 | C6420 Drivers & Downloads |
| FC640 | Before 2.16.1 | 2.16.1 | FC640 Drivers & Downloads |
| M640 | Before 2.16.1 | 2.16.1 | M640 Drivers & Downloads |
| M640P | Before 2.16.1 | 2.16.1 | M640P Drivers & Downloads |
| MX740C | Before 2.16.1 | 2.16.1 | MX740C Drivers & Downloads |
| MX840C | Before 2.16.1 | 2.16.1 | MX840C Drivers & Downloads |
| C4140 | Before 2.16.1 | 2.16.1 | C4140 Drivers & Downloads |
| DSS8440 | Before 2.16.1 | 2.16.1 | DSS8440 Drivers & Downloads |
| T140 | Before 2.11.1 | 2.11.1 | T140 Drivers & Downloads |
| T340 | Before 2.11.1 | 2.11.1 | T340 Drivers & Downloads |
| R240 | Before 2.11.1 | 2.11.1 | R240 Drivers & Downloads |
| R340 | Before 2.11.1 | 2.11.1 | R340 Drivers & Downloads |
| XE2420 | Before 2.16.0 | 2.16.0 | XE2420 Drivers & Downloads |
| XE7420 | Before 2.16.1 | 2.16.1 | XE7420 Drivers & Downloads |
| XE7440 | Before 2.16.1 | 2.16.1 | XE7440 Drivers & Downloads |
| R730 | Before 2.16.0 | 2.16.0 | R730 Drivers & Downloads |
| R730xd | Before 2.16.0 | 2.16.0 | R730XD Drivers & Downloads |
| R630 | Before 2.16.0 | 2.16.0 | R630 Drivers & Downloads |
| C4130 | Before 2.16.0 | 2.16.0 | C4130 Drivers & Downloads |
| R930 | Before 2.16.0 | 2.11.0 | R930 Drivers & Downloads |
| M630 | Before 2.16.0 | 2.16.0 | M630 Drivers & Downloads |
| M630p | Before 2.16.0 | 2.16.0 | M630P Drivers & Downloads |
| FC630 | Before 2.16.0 | 2.16.0 | FC630 Drivers & Downloads |
| FC430 | Before 2.16.0 | 2.16.0 | FC430 Drivers & Downloads |
| M830 | Before 2.16.0 | 2.16.0 | M830 Drivers & Downloads |
| M830p | Before 2.16.0 | 2.16.0 | M830P Drivers & Downloads |
| FC830 | Before 2.16.0 | 2.16.0 | FC830 Drivers & Downloads |
| T630 | Before 2.16.0 | 2.16.0 | T630 Drivers & Downloads |
| R530 | Before 2.16.0 | 2.16.0 | R530 Drivers & Downloads |
| R430 | Before 2.16.0 | 2.16.0 | R430 Drivers & Downloads |
| T430 | Before 2.16.0 | 2.16.0 | T430 Drivers & Downloads |
| R830 | Before 1.16.0 | 1.16.0 | R830 Drivers & Downloads |
| C6320 | Before 2.16.0 | 2.16.0 | C6320 Drivers & Downloads |
| T130 | Before 2.16.0 | 2.16.0 | T130 Drivers & Downloads |
| R230 | Before 2.16.0 | 2.16.0 | R230 Drivers & Downloads |
| T330 | Before 2.16.0 | 2.16.0 | T330 Drivers & Downloads |
| R330 | Before 2.16.0 | 2.16.0 | R330 Drivers & Downloads |
| NetWorker | 19.7.x and earlier | 19.8 | https://www.dell.com/support/home/en-in/product-support/product/networker/drivers |
| Dell Data Protection Central | 19.1 | 19.8 | To upgrade your Dell Data Protection Central system, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. See the latest 'Data Protection Central OS Update' file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers. See the latest 'Data Protection Central OS Updates Release Notes' in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs. |
| | 19.2 | 19.8 | |
| | 19.3 | 19.8 | |
| | 19.4 | 19.8 | |
| | 19.5 | 19.8 | |
| | 19.6 | 19.8 | |
| | 19.7 | 19.8 | |
| PowerProtect DP Series Appliance (Integration Data Protection Appliance) | 2.5 | 2.7.x | To upgrade your PowerProtect DP Series Appliance Dell Data Protection Central component, see Dell KB article 34881: Data Protection Central: How to Install the Data Protection Central operating system Update for installation instructions. See the latest 'Data Protection Central OS Update' file in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/drivers. See the latest 'Data Protection Central OS Updates Release Notes' in https://www.dell.com/support/home/en-us/product-support/product/data-protection-central/docs. |
| | 2.6.x | 2.7.x | |
| | 2.7.x | 2.7.x | |

| Product | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|
| NetWorker Management Console | 19.4.x, 19.5.x, 19.6.x | 19.7 and later releases | Support for NetWorker \| Drivers & Downloads \| Dell India |

| Product | BIOS Update Version | BIOS Release Date |
|---|---|---|
| Alienware m15 R6 | 1.17.0 | 10-19-2022 |
| Alienware m15 R7 | 1.4.3 | 09-29-2022 |
| Alienware m15 Ryzen Edition R5 | 1.8.0 | 10-26-2022 |
| Alienware m17 R5 AMD | 1.4.3 | 09-29-2022 |
| Dell G15 5510 | 1.16.0 | 10-11-2022 |
| Dell G15 5511 | 1.18.0 | 10-11-2022 |
| Dell G15 5515 | 1.8.0 | 10-26-2022 |
| Dell G15 5525 | 1.4.3 | 09-29-2022 |
| Dell G5 SE 5505 | 1.13.0 | 11-08-2022 |
| Inspiron 14 5410 2-in-1 | 2.15.2 | 11-15-2022 |
| Inspiron 15 3511 | 1.18.2 | 11-21-2022 |
| Inspiron 3195 2-in-1 | 1.6.0 | 10-26-2022 |
| Inspiron 3275 | 1.9.2 | 10-05-2022 |
| Inspiron 3475 | 1.9.2 | 10-05-2022 |
| Inspiron 3505 | 1.9.0 | 10-11-2022 |
| Inspiron 3515 | 1.9.0 | 10-11-2022 |
| Inspiron 3525 | 1.5.0 | 10-13-2022 |
| Inspiron 3585 | 1.10.0 | 10-26-2022 |
| Inspiron 3595 | 1.5.0 | 10-26-2022 |
| Inspiron 3785 | 1.10.0 | 10-26-2022 |
| Inspiron 3891 | 1.12.0 | 10-17-2022 |
| Inspiron 5310 | 2.15.0 | 10-11-2022 |
| Inspiron 5405 | 1.9.0 | 11-08-2022 |
| Inspiron 5410 | 2.14.0 | 10-07-2022 |
| Inspiron 5415 | 1.13.0 | 11-08-2022 |
| Inspiron 5425 | 1.5.0 | 10-11-2022 |
| Inspiron 5485 | 2.11.0 | 10-26-2022 |
| Inspiron 5485 2-in-1 | 2.11.0 | 10-26-2022 |
| Inspiron 5505 | 1.9.0 | 11-08-2022 |
| Inspiron 5510 | 2.15.2 | 11-15-2022 |
| Inspiron 5515 | 1.13.0 | 11-08-2022 |
| Inspiron 5585 | 2.11.0 | 10-26-2022 |
| Inspiron 7405 2-in-1 | 1.10.1 | 12-01-2022 |
| Inspiron 7415 | 1.13.0 | 11-09-2022 |
| Inspiron 7425 | 1.5.0 | 10-11-2022 |
| Inspiron 7510 | 1.12.0 | 10-12-2022 |
| Inspiron 7610 | 1.12.0 | 10-12-2022 |
| Latitude 3320 | 1.18.2 | 11-15-2022 |
| Latitude 3420 | 1.23.2 | 11-07-2022 |
| Latitude 3520 | 1.23.2 | 11-07-2022 |
| Latitude 5320 | 1.24.3 | 11-16-2022 |
| Latitude 5420 | 1.22.0 | 10-17-2022 |
| Latitude 5520 | 1.24.3 | 11-16-2022 |
| Latitude 5521 | 1.17.3 | 11-16-2022 |
| Latitude 7320 | 1.20.0 | 10-17-2022 |
| Latitude 7320 Detachable | 1.17.2 | 11-22-2022 |
| Latitude 7420 | 1.20.0 | 10-17-2022 |
| Latitude 7520 | 1.20.0 | 10-17-2022 |
| Latitude 9420 | 1.16.2 | 11-22-2022 |
| Latitude 9520 | 1.17.0 | 10-17-2022 |
| Latitude Rugged 5430 | 1.12.0 | 10-11-2022 |
| Latitude Rugged 7330 | 1.12.0 | 10-11-2022 |
| Latitude 5421 | 1.15.0 | 10-17-2022 |
| OptiPlex 3090 Ultra | 1.15.0 | 10-12-2022 |
| OptiPlex 5090 | 1.12.0 | 10-17-2022 |
| OptiPlex 5490 All-In-One | 1.15.0 | 10-11-2022 |
| OptiPlex 7090 Tower | 1.12.0 | 10-11-2022 |
| OptiPlex 7090 Ultra | 1.15.0 | 10-12-2022 |
| OptiPlex 7490 AIO | 1.15.0 | 10-11-2022 |
| Precision 3450 | 1.12.0 | 10-11-2022 |
| Precision 3560 | 1.24.3 | 11-16-2022 |
| Precision 3561 | 1.17.3 | 11-16-2022 |
| Precision 3650 Tower | 1.16.0 | 10-11-2022 |
| Precision 5560 | 1.15.2 | 11-21-2022 |
| Precision 5760 | 1.15.2 | 11-16-2022 |
| Precision 7560 | 1.16.0 | 10-14-2022 |
| Precision 7760 | 1.16.0 | 10-14-2022 |
| Vostro 3405 | 1.9.0 | 10-11-2022 |
| Vostro 3425 | 1.5.0 | 10-13-2022 |
| Vostro 3510 | 1.18.2 | 11-21-2022 |
| Vostro 3515 | 1.9.0 | 10-11-2022 |
| Vostro 3525 | 1.5.0 | 10-13-2022 |
| Vostro 3690 | 1.12.0 | 10-17-2022 |
| Vostro 3890 | 1.12.0 | 10-17-2022 |
| Vostro 5310 | 2.15.0 | 10-11-2022 |
| Vostro 5410 | 2.15.2 | 11-15-2022 |
| Vostro 5415 | 1.13.0 | 11-08-2022 |
| Vostro 5510 | 2.15.2 | 11-15-2022 |
| Vostro 5515 | 1.13.0 | 11-08-2022 |
| Vostro 5625 | 1.5.0 | 10-11-2022 |
| Vostro 5890 | 1.12.0 | 10-11-2022 |
| Vostro 7510 | 1.12.0 | 10-12-2022 |
| XPS 15 9510 | 1.15.2 | 11-21-2022 |
| XPS 17 9710 | 1.15.2 | 11-14-2022 |

References:

https://www.dell.com/support/security/en-in