DSA-2023-271: Security Update for a Dell Encryption, Dell Endpoint Security Suite Enterprise and Dell Security Management Server Vulnerability
Summary: Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server remediation are available for an insecure operation on Windows junction vulnerability during installation that could be exploited by malicious users to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39246 | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation | 4.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39246 | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation | 4.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L |
Affected Products & Remediation
| Product | Software/ Firmware | Affected Versions | Remediated Version | Link |
|---|---|---|---|---|
| Dell Encryption |
SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers |
| Dell Endpoint Security Suite Enterprise | SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-dp-endpt-security-suite-enterprise/drivers |
| Dell Security Management Server (Windows) | SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers |
| Product | Software/ Firmware | Affected Versions | Remediated Version | Link |
|---|---|---|---|---|
| Dell Encryption |
SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers |
| Dell Endpoint Security Suite Enterprise | SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-dp-endpt-security-suite-enterprise/drivers |
| Dell Security Management Server (Windows) | SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-14 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
Dell Encryption, Dell Endpoint Security Suite EnterpriseArticle Properties
Article Number: 000217572
Article Type: Dell Security Advisory
Last Modified: 14 Nov 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.