CVE-2023-32474
CVE-2023-32474
In short
The Dell Display Manager installer doesn't properly validate Windows junction points, allowing a local attacker to delete arbitrary files or folders on the system during installation.
Technical detail
CWE-1386 insecure operation on Windows junction/mount points in Dell Display Manager ≤2.1.1.17 enables local privilege escalation during installation; an authenticated attacker can manipulate junction points to redirect file operations and achieve arbitrary file deletion on the system.
Summary generated and translated by AI from the official description.
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Affected products
Dell · Dell Display ManagerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →