Incorrect Default Permissions in PowerProtect Agent for File System by Dell
CVE-2023-43081

4MEDIUM

Key Information:

Vendor: Dell
Status: Powerprotect Agent For File System
Vendor: CVE Published:; 22 November 2023

What is CVE-2023-43081?

The PowerProtect Agent for File System versions 19.14 and earlier by Dell suffers from an incorrect default permissions vulnerability in its ddfscon component. This flaw allows a local attacker with low privileges to potentially exploit the system by overwriting log files. Proper permissions need to be enforced to prevent unauthorized access and ensure the integrity of the application.

Affected Version(s)

PowerProtect Agent for File System Versions prior to 19.14

References

https://www.dell.com/support/kbdoc/en-us/000219782/dsa-20...

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Sep 15, 2023

CVE-2023-43081 Data

JSON