Dell Endpoint Security <11.8.1: Insecure Windows Junction Priv Esc
CVE-2023-39246 Published on November 16, 2023

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-39246 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

What is a Symlink following Vulnerability?

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files. A software system that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.

CVE-2023-39246 has been classified to as a Symlink following vulnerability or weakness.


Products Associated with CVE-2023-39246

stack.watch emails you whenever new vulnerabilities are published in Dell Endpoint Security Suite Enterprise or Dell Encryption. Just hit a watch button to start following.

Dell Endpoint Security Suite Enterprise
 
Dell Encryption
 

Affected Versions

Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows) Version Versions prior to 11.8.1 is affected by CVE-2023-39246

Exploit Probability

EPSS
0.02%
Percentile
5.79%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.