Insecure Operation on Windows Junction / Mount Point
CVE-2023-24572
Summary
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
- HIGH
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-1386 - Insecure Operation on Windows Junction / Mount Point
The software opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.
References
Advisory Timeline
- Published