CVE-2019-3749
5.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
Summary
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | Dell Command Update (DCU) | unspecified < 3.1 | affected |
Weaknesses
- CWE-427: CWE-427: Uncontrolled Search Path Element
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.