Dell Display Manager Vulnerability Allows Arbitrary File/Folder Deletion
CVE-2023-32474

6.6MEDIUM

Key Information:

Vendor: Dell
Status: Dell Display Manager
Vendor: CVE Published:; 6 February 2024

Summary

The Dell Display Manager application is impacted by a vulnerability due to an insecure operation involving Windows junctions and mount points. A local malicious actor may leverage this flaw to manipulate the installation process, ultimately resulting in arbitrary deletion of files or directories. This poses a significant risk for users who might unknowingly open their systems to exploitation during the installation or update phases of the application.

Affected Version(s)

Dell Display Manager 0 <= 2.1.1.17

References

https://www.dell.com/support/kbdoc/en-us/000215216/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2024
Vulnerability Reserved
May 9, 2023

Credit

Marius Gabriel Mihai