// For flags

CVE-2023-39246

 

Severity Score

7.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation

Dell Encryption, Dell Endpoint Security Suite Enterprise y Dell Security Management Server versiones anteriores a 11.8.1 contienen una vulnerabilidad de operación insegura en Windows Junction durante la instalación. Un usuario malintencionado local podría explotar esta vulnerabilidad para crear una carpeta arbitraria dentro de un directorio restringido, lo que provocaría una escalada de privilegios.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-07-26 CVE Reserved
  • 2023-11-16 CVE Published
  • 2023-11-17 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
  • CWE-61: UNIX Symbolic Link (Symlink) Following
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.dell.com/support/kbdoc/en-us/000217572/dsa-2023-271 2023-11-29
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dell
Search vendor "Dell"
 Security Management Server
Search vendor "Dell" for product "Security Management Server"
 < 11.8.1
Search vendor "Dell" for product "Security Management Server" and version " < 11.8.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Dell
Search vendor "Dell"
 Endpoint Security Suite Enterprise
Search vendor "Dell" for product "Endpoint Security Suite Enterprise"
 < 11.8.1
Search vendor "Dell" for product "Endpoint Security Suite Enterprise" and version " < 11.8.1"
-
Affected
Dell
Search vendor "Dell"
 Encryption
Search vendor "Dell" for product "Encryption"
 < 11.8.1
Search vendor "Dell" for product "Encryption" and version " < 11.8.1"
enterprise
Affected