Insecure File and Folder Permissions in PowerPath for Windows by Dell
CVE-2023-28079

7.8HIGH

Key Information:

Vendor: Dell
Status: PowerPath Windows
Vendor: CVE Published:; 30 May 2023

Summary

PowerPath for Windows, including versions 7.0, 7.1, and 7.2, exhibits an insecure file and folder permissions vulnerability. This flaw allows a regular user, lacking administrative rights, to exploit inadequate permissions to escalate their privileges. By doing so, they can execute arbitrary code within the context of NT AUTHORITY\SYSTEM, potentially compromising system integrity and security.

Affected Version(s)

PowerPath Windows 7.0, 7.1 & 7.2

References

https://www.dell.com/support/kbdoc/en-us/000214248/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 30, 2023
Vulnerability Reserved
Mar 10, 2023