Insecure Operation on Windows Junction / Mount Point

CVE-2023-23697

Medium

4.7/10

Summary

Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

The software opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.

References

Advisory Timeline

Published Feb 13, 2023

Insecure Operation on Windows Junction / Mount Point

CVE-2023-23697

Summary

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS