CVE-2023-32479

Published: Feb 6, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Affected (3)

Products: Dell: Encryption, Endpoint Security Suite Enterprise, Security Management Server

3 products

Endpoint Security Suite Enterprise

Security Management Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Encryption	Before 11.9.0
Dell Endpoint Security Suite Enterprise	Before 11.9.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Security Management Server	Before 11.9.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.