CVE-2023-32454
CVE-2023-32454
In short
DUP framework versions up to 4.9.4.36 improperly handle Windows junctions and mount points, allowing a local user to create files in unintended locations and cause system disruption.
Technical detail
The vulnerability involves insecure operations on Windows junction/mount point objects in DUP framework ≤4.9.4.36. A local attacker with standard user privileges can exploit this to write arbitrary files through symlink/junction manipulation, potentially achieving denial of service or privilege escalation.
Summary generated and translated by AI from the official description.
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected products
Dell · DUP FrameworkWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →