Vulnerabilities > CVE-2023-32479 - Unspecified vulnerability in Dell products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

dell

NVD

Published: 2024-02-06

Updated: 2024-02-13

Summary

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Encryption - Dell Encryption 8.0.0 Dell Encryption 8.7.0 Dell Encryption 8.15.0 Dell Encryption 8.16.0 Dell Encryption 10.0.0 Dell Encryption 10.0.1 Dell Encryption 10.4.0 Dell Encryption 10.7.0 Dell Encryption 10.8 Dell Encryption 11.8.1 Dell Endpoint Security Suite Enterprise 2.0.1 Dell Endpoint Security Suite Enterprise 2.4.0 Dell Endpoint Security Suite Enterprise 2.7 Dell Endpoint Security Suite Enterprise 2.8 Dell Endpoint Security Suite Enterprise 11.8.1 Dell Security Management Server 10.2.0 Dell Security Management Server 11.8.1	18
OS	Microsoft Microsoft Windows -	1

References

https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260