CVE-2023-39246

Severity CVSS v4.0:
Pending analysis
Type:
CWE-59 Link Following
Publication date:
16/11/2023
Last modified:
29/11/2023

Description

<br /> Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation<br /> <br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dell:endpoint_security_suite_enterprise:*:*:*:*:*:*:*:* 11.8.1 (excluding)
cpe:2.3:a:dell:encryption:*:*:*:*:enterprise:*:*:* 11.8.1 (excluding)
cpe:2.3:a:dell:security_management_server:*:*:*:*:*:*:*:* 11.8.1 (excluding)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools