Local Code Execution Risk in Dell Encryption and Endpoint Security Installers
CVE-2019-3745
6.7 MEDIUM
Key Information:
- Vendor: Dell
- CVE Published: 7 October 2019
Summary
The installers of Dell Encryption Enterprise (versions prior to 10.4.0) and Dell Endpoint Security Suite Enterprise (versions prior to 2.4.0) contain a DLL search-path vulnerability. A low-privileged authenticated user can place a malicious DLL in the installer's search path before an administrator runs the installation. When the administrator then runs the installer, it loads the planted DLL, so arbitrary code executes with elevated privileges, potentially compromising system security during the setup process.
Affected Version(s)
Dell Encryption Enterprise < 10.4.0
Dell Endpoint Security Suite Enterprise < 2.4.0
CVSS V3.1
Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved