CVE-2023-22576: 
Dell Repository Manager vulnerability analysis and mitigation

CVE-2023-22576 is a Local Privilege Escalation Vulnerability affecting Dell Repository Manager (DRM) version 3.4.2 and earlier. The vulnerability was discovered in the Installation module and was disclosed in January 2023 (Dell Advisory).

The vulnerability has a CVSS Base Score of 7.0 (High) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability requires local access and low privileges to exploit, but no user interaction is needed. The scope is unchanged, and successful exploitation can lead to high impacts on confidentiality, integrity, and availability (Dell Advisory).

A successful exploitation of this vulnerability could allow a local low-privileged attacker to execute arbitrary executables on the operating system with high privileges. This could potentially lead to complete system compromise and service unavailability (Dell Advisory).

Dell has released version 3.4.3 of the Dell Repository Manager to address this vulnerability. As a workaround, installing DRM in the default path (such as C:\Program Files) prevents the vulnerability from being exploited (Dell Advisory).

The vulnerability was responsibly disclosed by security researcher Marius Gabriel Mihai (Dell Advisory).