CVE-2023-28070: 
Dell Alienware Command Center vulnerability analysis and mitigation

CVE-2023-28070 is an improper access control vulnerability affecting Alienware Command Center Application versions 5.5.43.0 and prior. The vulnerability was disclosed on May 3, 2023, and impacts Dell's Alienware Command Center software (NVD, Dell Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, high attack complexity, low privileges, and user interaction. The scope is unchanged, but potential impacts on confidentiality, integrity, and availability are all rated as high (Dell Advisory).

If exploited, this vulnerability could allow a local malicious user to achieve privilege escalation during the installation or update process of the Alienware Command Center Application. The vulnerability has high potential impact on system confidentiality, integrity, and availability (NVD, Dell Advisory).

Dell has released version 5.5.46.0 of the Alienware Command Center Application to address this vulnerability. Users are advised to update to this version. No workarounds are available for this vulnerability (Dell Advisory).

Dell Technologies acknowledged Marius Gabriel Mihai for reporting this security issue (Dell Advisory).