Insecure Operation on Windows Junction / Mount Point

CVE-2023-28065

Medium

6.7/10

Summary

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

The software opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.

References

Advisory Timeline

Published Jun 23, 2023

Insecure Operation on Windows Junction / Mount Point

CVE-2023-28065

Summary

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS