CVE-2023-32470
CVE-2023-32470
In short
Dell Digital Delivery before version 5.0.82.0 has a flaw that allows a local attacker to create arbitrary folders on Windows junctions, which can cause the application to stop working permanently.
Technical detail
The vulnerability exists in Dell Digital Delivery versions prior to 5.0.82.0 and involves insecure handling of Windows junction points. A local adversary with user-level privileges can exploit this to create malicious folder structures that trigger a permanent denial of service condition.
Summary generated and translated by AI from the official description.
Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected products
Dell · Dell Digital DeliveryWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →