CVE-2019-3745

6.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Encryption Enterprise; Dell Endpoint Security Suite Enterprise
Vendor: CVE Published:; 7 October 2019

Summary

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

Affected Version(s)

Dell Encryption Enterprise < 10.4.0

Dell Endpoint Security Suite Enterprise < 2.4.0

References

https://www.dell.com/support/article/SLN318889

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 7, 2019
Vulnerability Reserved
Jan 3, 2019