CVE-2023-28079 HIGH

CVE-2023-28079

Vendor Dell
Product PowerPath Windows
Weakness CWE-276
Published May 30, 2023
Last update January 10, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Key dates

02Disclosure timeline

May 30, 2023 CVE published
January 10, 2025 Record updated