CVE-2023-28071
CVE-2023-28071
In short
Dell Command | Update and related software versions 4.9.0 and earlier have a flaw that allows a local attacker to create arbitrary folders through Windows junctions, potentially causing the application to stop working permanently.
Technical detail
The vulnerability exists in improper handling of Windows junction points and mount points (CWE-1386). A local attacker with user-level privileges can exploit this to create malicious junctions that lead to Denial of Service, affecting availability without requiring elevated permissions or user interaction.
Summary generated and translated by AI from the official description.
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected products
Dell · Dell Command Update (DCU)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →