CVE-2023-32451: 
Dell Display Manager vulnerability analysis and mitigation

Dell Display Manager application version 2.1.1.17 contains a critical security vulnerability identified as CVE-2023-32451. The vulnerability was disclosed on February 6, 2024, and allows low-privileged users to execute malicious code during the installation and uninstallation processes of the application (Dell Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH by NVD with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Dell assigned it a score of 7.3 HIGH with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-269 (Improper Privilege Management) by NIST and CWE-272 (Least Privilege Violation) by Dell (NVD).

If exploited, this vulnerability could allow a low-privileged user to execute malicious code with elevated privileges during the installation or uninstallation process of Dell Display Manager. This could potentially lead to complete system compromise, affecting the confidentiality, integrity, and availability of the system (Dell Advisory).

Dell has released version 2.1.1.21 of the Display Manager software on July 4, 2023, which addresses this vulnerability. Dell recommends all customers update to this version at the earliest opportunity. No workarounds are available for this vulnerability (Dell Advisory).