DSA-2023-271: Security Update for a Dell Encryption, Dell Endpoint Security Suite Enterprise and Dell Security Management Server Vulnerability
Riepilogo: Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server remediation are available for an insecure operation on Windows junction vulnerability during installation that could be exploited by malicious users to compromise the affected system. ...
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Impatto
Medium
Dettagli
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39246 | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation | 4.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39246 | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation | 4.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L |
Prodotti interessati e correzione
| Product | Software/ Firmware | Affected Versions | Remediated Version | Link |
|---|---|---|---|---|
| Dell Encryption |
SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers |
| Dell Endpoint Security Suite Enterprise | SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-dp-endpt-security-suite-enterprise/drivers |
| Dell Security Management Server (Windows) | SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers |
| Product | Software/ Firmware | Affected Versions | Remediated Version | Link |
|---|---|---|---|---|
| Dell Encryption |
SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers |
| Dell Endpoint Security Suite Enterprise | SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-dp-endpt-security-suite-enterprise/drivers |
| Dell Security Management Server (Windows) | SW | Versions prior to 11.8.1 | 11.8.1 or later | https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers |
Cronologia delle revisioni
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-14 | Initial Release |
Informazioni correlate
Dichiarazione di non responsabilità
Prodotti interessati
Dell Encryption, Dell Endpoint Security Suite EnterpriseProprietà dell'articolo
Numero articolo: 000217572
Tipo di articolo: Dell Security Advisory
Ultima modifica: 14 nov 2023
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.