CVE-2023-39246
4.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
Summary
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows) | Versions prior to 11.8.1 | affected |
Weaknesses
- CWE-61: CWE-61: UNIX Symbolic Link (Symlink) Following
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.