admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-39246.md

18 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-39246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39246)
![](https://img.shields.io/static/v1?label=Product&message=Dell%20Encryption%2C%20Dell%20Endpoint%20Security%20Suite%20Enterprise%2C%20Dell%20Security%20Management%20Server%20(Windows)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20Versions%20prior%20to%2011.8.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-61%3A%20UNIX%20Symbolic%20Link%20(Symlink)%20Following&color=brighgreen)
### Description
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink