CVE-2023-28071 MEDIUM

CVE-2023-28071

Vendor Dell
Product Dell Command Update (DCU)
Weakness CWE-1386
Published June 23, 2023
Last update November 7, 2024

CVSS base score

6.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Key dates

02Disclosure timeline

June 23, 2023 CVE published
November 7, 2024 Record updated