CVE-2024-28962: 
Dell Command Update vulnerability analysis and mitigation

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability identified as CVE-2024-28962. The vulnerability was discovered and disclosed in August 2024, affecting multiple Dell update applications. This security issue impacts the Universal Windows Platform versions for Windows 11, Windows 10 32-bit and 64-bit systems (Dell Advisory).

The vulnerability is classified as an Exposed Dangerous Method or Function vulnerability. It has received varying CVSS v3.1 severity ratings, with the NVD assigning a base score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), while Dell's assessment places it at 6.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). The vulnerability requires no user interaction or privileges for exploitation and can be accessed remotely (NVD).

The exploitation of this vulnerability could lead to denial of service in the affected systems. Additionally, according to Dell's assessment, successful exploitation could result in low-level impacts on both system integrity and availability (Dell Advisory).

Dell has released version 5.4 of the affected applications as a security update to address this vulnerability. The fix was released on July 31, 2024, and is available for all affected products including Dell Command | Update, Dell Update, and Alienware Update. No alternative workarounds are available (Dell Advisory).

Dell Technologies has acknowledged Skyler Ferrante for reporting this security issue (Dell Advisory).