Privilege Escalation Vulnerability in Dell Encryption
CVE-2023-32479

6.7 MEDIUM

Summary

A privilege escalation vulnerability exists in specific versions of Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server. This issue arises from improper access control list (ACL) configurations within the non-default installation directory of these products. A local attacker with malicious intent could exploit this vulnerability by replacing binaries in the affected directory. Such an exploit could lead to a reverse shell on the system, allowing the attacker to gain elevated privileges and perform unauthorized actions.
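
A defender-side check for the condition described above, as an added example that is not from Dell or from this advisory: the PowerShell function below lists allow ACEs that give broad non-administrative groups write, delete or permission-change rights anywhere under an installation directory. The function name and the path in the usage comment are hypothetical; the advisory does not name the affected directory.

```powershell
# Added example, not Dell's code. The function name is hypothetical and the
# path is supplied by the operator; the advisory does not name the directory.
function Find-LowPrivWriteAce {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # Broad non-administrative principals, matched by well-known SID so the
    # check does not depend on the display language of the OS.
    $lowPriv = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # Access-mask bits that allow replacing or planting a file:
    # WriteData 0x2, AppendData 0x4, DeleteSubdirectoriesAndFiles 0x40,
    # Delete 0x10000, ChangePermissions 0x40000, TakeOwnership 0x80000,
    # plus GENERIC_ALL 0x10000000 and GENERIC_WRITE 0x40000000.
    $writeMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor
                 0x80000 -bor 0x10000000 -bor 0x40000000

    # The directory itself plus everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl   = Get-Acl -LiteralPath $item.FullName
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow' -or -not $lowPriv.ContainsKey($sid)) { continue }
            # Deny ACEs and nested group membership are not evaluated here,
            # so each hit is a candidate to review, not a final verdict.
            if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $lowPriv[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Usage (placeholder path, replace with the actual non-default install directory):
# Find-LowPrivWriteAce -Path 'D:\Apps\ExampleInstallDir' | Format-Table -AutoSize
```

An empty result means none of the listed groups holds a matching allow ACE on the directory tree; rows marked `Inherited = True` point at a permissive parent folder rather than at the installation directory itself.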

Affected Version(s)

Dell Encryption: versions before 11.9.0

Dell Endpoint Security Suite Enterprise: versions before 11.9.0

Dell Security Management Server (Windows): versions before 11.9.0

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pwni