Primary

Context

Dell ControlVault3 and ControlVault3 Plus Deserialization Vulnerability Leading to Arbitrary Code Execution

Vulnerability

Patched

A deserialization vulnerability allowing arbitrary code execution exists in Dell ControlVault3 versions prior to 5.15.10.14 and in ControlVault3 Plus versions prior to 6.2.26.36. The issue arises in the 'cvhDecapsulateCmd' function, where a specially crafted response from ControlVault can be exploited. An attacker could compromise ControlVault firmware to create a malicious response that triggers this vulnerability.

Impact

Exploitation of this vulnerability could lead to unauthorized arbitrary code execution on the affected system.

Remediation

Users can update to Dell ControlVault3 version 5.15.10.14 or later, or to Dell ControlVault3 Plus version 6.2.26.36 or later. Instructions for downloading the updated versions are available on the Dell Drivers & Downloads site.

Added: Jun 13, 2025, 10:25 PM

Updated: Jun 13, 2025, 10:25 PM

Affected Products

Dell Latitude 5300

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5300:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5300 2-in-1

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5300_2-in-1:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5310

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5310:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5310 2-in-1

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5310_2-in-1:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5320

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5320:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5330

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5330:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5340

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5340:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5400

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5400:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5401

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5401:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5410

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5410:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5411

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5411:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5420

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5420:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5421

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5421:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5430

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5430:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5430 Rugged Laptop

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5430_rugged_laptop:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5440

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5440:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5450

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5450:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5500

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5500:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5510

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5510:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5520

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5520:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5530

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5530:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5540

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5540:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 5550

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_5550:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 7030 Rugged Extreme

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_7030_rugged_extreme:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 7200 2-In-1

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_7200_2-in-1:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 7210 2-in-1

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_7210_2-in-1:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 7220 Rugged Extreme

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_7220_rugged_extreme:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Dell Latitude 7230 Rugged Extreme

Moderate fix1 remedy

cpe:2.3:h:dell:latitude_7230_rugged_extreme:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 5.15.10.14

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

4.7

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

4.7

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dell ControlVault3 and ControlVault3 Plus Deserialization Vulnerability Leading to Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Dell Latitude 5300

Dell Latitude 5300 2-in-1

Dell Latitude 5310

Dell Latitude 5310 2-in-1

Dell Latitude 5320

Dell Latitude 5330

Dell Latitude 5340

Dell Latitude 5400

Dell Latitude 5401

Dell Latitude 5410

Dell Latitude 5411

Dell Latitude 5420

Dell Latitude 5421

Dell Latitude 5430

Dell Latitude 5430 Rugged Laptop

Dell Latitude 5440

Dell Latitude 5450

Dell Latitude 5500

Dell Latitude 5510

Dell Latitude 5520

Dell Latitude 5530

Dell Latitude 5540

Dell Latitude 5550

Dell Latitude 7030 Rugged Extreme

Dell Latitude 7200 2-In-1

Dell Latitude 7210 2-in-1

Dell Latitude 7220 Rugged Extreme

Dell Latitude 7230 Rugged Extreme

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating