CVE-2023-43086 – Dell Command | Configure versions before 4.11.0... (How to Fix)

Q: What is the severity of CVE-2023-43086?

CVE-2023-43086 has a CVSS score of 7.3 (HIGH). Dell Command | Configure versions before 4.11.0 have an improper access control vulnerability that allows local malicious users to modify files during application upgrades. This can lead to privilege escalation on affected systems. Only users with local access to vulnerable systems are affected.

📋 TL;DR

Dell Command | Configure versions before 4.11.0 have an improper access control vulnerability that allows local malicious users to modify files during application upgrades. This can lead to privilege escalation on affected systems. Only users with local access to vulnerable systems are affected.

💻 Affected Systems

Products:

Dell Command | Configure

Versions: All versions prior to 4.11.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Dell systems running vulnerable versions of Dell Command | Configure software.

📦 What is this software?

Command\|configure by Dell

View all CVEs affecting Command\|configure →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains SYSTEM/root privileges, enabling complete system compromise, data theft, persistence, and lateral movement.

🟠

Likely Case

Local user elevates privileges to install malware, modify system configurations, or access restricted data.

🟢

If Mitigated

Attack fails due to proper access controls, monitoring, or the system being patched.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.

🏢 Internal Only: HIGH - Internal users with local access can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access and knowledge of the vulnerability during upgrade processes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.11.0 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000218424/dsa-2023-387-security-update-for-a-dell-command-configure-vulnerability

Restart Required: Yes

Instructions:

1. Download Dell Command | Configure version 4.11.0 or later from Dell Support. 2. Run the installer as administrator. 3. Follow on-screen instructions. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict local access

windows

Limit local user access to systems running vulnerable versions.

Monitor installation folder permissions

windows

Set strict permissions on Dell Command | Configure installation folder and monitor for changes.

icacls "C:\Program Files\Dell\CommandConfigure" /deny Users:(OI)(CI)F

🧯 If You Can't Patch

Remove Dell Command | Configure if not required for system functionality.
Implement strict access controls and monitoring for local user activities.

🔍 How to Verify

Check if Vulnerable:

Check Dell Command | Configure version in Programs and Features or via 'wmic product get name,version' command.

Check Version:

wmic product where "name like 'Dell Command%Configure%'" get name,version

Verify Fix Applied:

Verify installed version is 4.11.0 or later using same method as checking.

📡 Detection & Monitoring

Log Indicators:

Unauthorized file modifications in Dell Command | Configure installation directory during upgrade events
Unexpected privilege escalation events from standard user accounts

Network Indicators:

No network indicators - this is a local attack

SIEM Query:

EventID=4688 AND (ProcessName LIKE '%CommandConfigure%' OR CommandLine LIKE '%CommandConfigure%') AND NewProcessName LIKE '%powershell%' OR NewProcessName LIKE '%cmd%'

📊 Metadata

CVE ID: CVE-2023-43086

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-284

Published: November 23, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-43086, you might also want to check these: