CVE-2023-32479 MEDIUM

CVE-2023-32479

Vendor Dell

Product Dell Encryption

Weakness CWE-284

Published February 6, 2024

Last update August 22, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

Key dates

02Disclosure timeline

February 6, 2024 CVE published

August 22, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-32479 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2023-32479

CWE CWE-284

CVSS 6.7 / MEDIUM

Affected versions

Vendor Dell

Product Dell Encryption

Affected < 11.9.0

Vendor Dell

Product Dell Endpoint Security Suite Enterprise

Affected < 11.9.0

Vendor Dell

Product Dell Security Management Server (Windows)

Affected < 11.9.0

CVE-2023-32479

01Description

02Disclosure timeline

03References

04Related CVE