Skip to main content

Insecure Operation on Windows Junction / Mount Point

CVE-2023-24572

Severity Medium
Score 4.7/10

Summary

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

  • HIGH
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

The software opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.

References

Advisory Timeline

  • Published