CVE-2023-23698: 
Dell Command Update vulnerability analysis and mitigation

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain an Insecure Operation on Windows Junction vulnerability in the installer component. The vulnerability was disclosed on February 6, 2023, and was assigned identifier CVE-2023-23698. The affected software includes Dell Command | Update, Dell Update, and Alienware Update applications for Windows 10 systems (Dell Advisory).

The vulnerability is classified as an Insecure Operation on Windows Junction (CWE-1386) in the installer component. It has been assigned a CVSS v3.1 base score of 7.1 HIGH by NIST with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, while Dell assigned it a medium severity score of 5.5 with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

If exploited, this vulnerability could allow a local malicious user to perform arbitrary file deletion on the affected system. The vulnerability specifically impacts the system's file integrity and availability, with no direct impact on confidentiality (Dell Advisory).

Dell has released version 4.8.0 of the affected software as a security update to address this vulnerability. Users are advised to upgrade to the Universal Windows Platform version 4.8.0 for Windows 10 32-bit and 64-bit systems (Dell Advisory).

Dell Technologies acknowledged the security researcher ycdxsb for reporting this vulnerability (Dell Advisory).