CVE-2023-39246
Severity CVSS v4.0:
Pending analysis
Type:
CWE-59
Link Following
Publication date:
16/11/2023
Last modified:
29/11/2023
Description
<br />
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation<br />
<br />
Impact
Base Score 3.x
7.30
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dell:endpoint_security_suite_enterprise:*:*:*:*:*:*:*:* | 11.8.1 (excluding) | |
| cpe:2.3:a:dell:encryption:*:*:*:*:enterprise:*:*:* | 11.8.1 (excluding) | |
| cpe:2.3:a:dell:security_management_server:*:*:*:*:*:*:*:* | 11.8.1 (excluding) | |
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



