CVE-2023-23698
CVE-2023-23698
In short
The installer for Dell Command | Update and related tools has a flaw that allows a local attacker to delete arbitrary files on your system. This happens because the installer doesn't properly validate Windows shortcuts, giving someone with local access a way to cause damage.
Technical detail
An insecure junction handling vulnerability in the installer component of Dell Command | Update (versions < 4.6.0 and < 4.7.1) allows local attackers to perform arbitrary file deletion. The vulnerability exists in how the installer processes Windows junctions without proper validation, enabling privilege escalation through symlink/junction hijacking attacks during installation.
Summary generated and translated by AI from the official description.
Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Dell · Dell Command Update (DCU)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →