Dell Command Update <=4.9.0 insecure junction mount point => DOS
CVE-2023-28071 Published on June 23, 2023

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-28071 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

CWE-1386

Products Associated with CVE-2023-28071

Want to know whenever a new CVE is published for Dell Command Update? stack.watch will email you.

Dell Command Update

Affected Versions

Dell Command Update (DCU) Version 4.9.0, A01 and Prior is affected by CVE-2023-28071

Exploit Probability

EPSS

0.04%

Percentile

13.15%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Dell Command Update <=4.9.0 insecure junction mount point => DOSCVE-2023-28071 Published on June 23, 2023

Vulnerability Analysis

Weakness Type

Products Associated with CVE-2023-28071

Affected Versions

Exploit Probability

Dell Command Update <=4.9.0 insecure junction mount point => DOS
CVE-2023-28071 Published on June 23, 2023