Insecure Operation Vulnerability in Dell Encryption Products
CVE-2023-39246

7.3HIGH

Key Information:

Vendor: Dell
Status: Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows)
Vendor: CVE Published:; 16 November 2023

What is CVE-2023-39246?

Dell Encryption and its related products, such as Dell Endpoint Security Suite Enterprise and Dell Security Management Server, are impacted by a vulnerability during the installation process. This flaw allows a local malicious user to exploit insecure operations on Windows Junctions, potentially creating arbitrary folders within restricted directories. Such an exploit could lead to privilege escalation, enabling unauthorized access and manipulation of system resources.

Affected Version(s)

Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows) SW Versions prior to 11.8.1

References

https://www.dell.com/support/kbdoc/en-us/000217572/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Jul 26, 2023