Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Dell Endpoint Security Suite Enterprise by Dell
CVE-2023-32479 (GCVE-0-2023-32479)
Vulnerability from nvd – Published: 2024-02-06 08:09 – Updated: 2024-08-22 19:24
VLAI
EPSS
VEX
Summary
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021588… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Encryption |
Affected:
0 , < 11.9.0
(semver)
|
|
| Dell | Dell Endpoint Security Suite Enterprise |
Affected:
0 , < 11.9.0
(semver)
|
|
| Dell | Dell Security Management Server (Windows) |
Affected:
0 , < 11.9.0
(semver)
|
|
| dell | security_management_server |
Affected:
0 , < 11.9.0
(semver)
cpe:2.3:a:dell:security_management_server:11.9.0:*:*:*:*:*:*:* |
|
| dell | endpoint_security_suite_enterprise |
Affected:
0 , < 11.9.0
(semver)
cpe:2.3:a:dell:endpoint_security_suite_enterprise:11.9.0:*:*:*:*:*:*:* |
|
| dell | encryption |
Affected:
0 , < 11.9.0
(semver)
cpe:2.3:a:dell:encryption:11.9.0:*:*:*:*:*:*:* |
Date Public
2024-01-09 06:30
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:security_management_server:11.9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "security_management_server",
"vendor": "dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:endpoint_security_suite_enterprise:11.9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "endpoint_security_suite_enterprise",
"vendor": "dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:encryption:11.9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "encryption",
"vendor": "dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-07T15:22:13.617944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T19:24:50.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Encryption",
"vendor": "Dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Endpoint Security Suite Enterprise",
"vendor": "Dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Security Management Server (Windows)",
"vendor": "Dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Pwni"
}
],
"datePublic": "2024-01-09T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.\u003c/span\u003e\n\n"
}
],
"value": "\nDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T08:09:30.931Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32479",
"datePublished": "2024-02-06T08:09:30.931Z",
"dateReserved": "2023-05-09T06:09:57.041Z",
"dateUpdated": "2024-08-22T19:24:50.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3745 (GCVE-0-2019-3745)
Vulnerability from nvd – Published: 2019-10-07 18:21 – Updated: 2024-09-17 04:14
VLAI
EPSS
VEX
Summary
The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.
Severity
6.7 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/article/SLN318889 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Encryption Enterprise |
Affected:
unspecified , < 10.4.0
(custom)
|
|
| Dell | Dell Endpoint Security Suite Enterprise |
Affected:
unspecified , < 2.4.0
(custom)
|
Date Public
2019-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/SLN318889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell Encryption Enterprise",
"vendor": "Dell",
"versions": [
{
"lessThan": "10.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Dell Endpoint Security Suite Enterprise",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-07T18:21:30.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/SLN318889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-10-03",
"ID": "CVE-2019-3745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Encryption Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.4.0"
}
]
}
},
{
"product_name": "Dell Endpoint Security Suite Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.4.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/SLN318889",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/SLN318889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3745",
"datePublished": "2019-10-07T18:21:30.854Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:14:02.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32479 (GCVE-0-2023-32479)
Vulnerability from cvelistv5 – Published: 2024-02-06 08:09 – Updated: 2024-08-22 19:24
VLAI
EPSS
VEX
Summary
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021588… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Encryption |
Affected:
0 , < 11.9.0
(semver)
|
|
| Dell | Dell Endpoint Security Suite Enterprise |
Affected:
0 , < 11.9.0
(semver)
|
|
| Dell | Dell Security Management Server (Windows) |
Affected:
0 , < 11.9.0
(semver)
|
|
| dell | security_management_server |
Affected:
0 , < 11.9.0
(semver)
cpe:2.3:a:dell:security_management_server:11.9.0:*:*:*:*:*:*:* |
|
| dell | endpoint_security_suite_enterprise |
Affected:
0 , < 11.9.0
(semver)
cpe:2.3:a:dell:endpoint_security_suite_enterprise:11.9.0:*:*:*:*:*:*:* |
|
| dell | encryption |
Affected:
0 , < 11.9.0
(semver)
cpe:2.3:a:dell:encryption:11.9.0:*:*:*:*:*:*:* |
Date Public
2024-01-09 06:30
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:security_management_server:11.9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "security_management_server",
"vendor": "dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:endpoint_security_suite_enterprise:11.9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "endpoint_security_suite_enterprise",
"vendor": "dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:encryption:11.9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "encryption",
"vendor": "dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-07T15:22:13.617944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T19:24:50.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Encryption",
"vendor": "Dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Endpoint Security Suite Enterprise",
"vendor": "Dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell Security Management Server (Windows)",
"vendor": "Dell",
"versions": [
{
"lessThan": "11.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Pwni"
}
],
"datePublic": "2024-01-09T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.\u003c/span\u003e\n\n"
}
],
"value": "\nDell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T08:09:30.931Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32479",
"datePublished": "2024-02-06T08:09:30.931Z",
"dateReserved": "2023-05-09T06:09:57.041Z",
"dateUpdated": "2024-08-22T19:24:50.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3745 (GCVE-0-2019-3745)
Vulnerability from cvelistv5 – Published: 2019-10-07 18:21 – Updated: 2024-09-17 04:14
VLAI
EPSS
VEX
Summary
The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.
Severity
6.7 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/article/SLN318889 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Encryption Enterprise |
Affected:
unspecified , < 10.4.0
(custom)
|
|
| Dell | Dell Endpoint Security Suite Enterprise |
Affected:
unspecified , < 2.4.0
(custom)
|
Date Public
2019-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/SLN318889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell Encryption Enterprise",
"vendor": "Dell",
"versions": [
{
"lessThan": "10.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Dell Endpoint Security Suite Enterprise",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-07T18:21:30.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/SLN318889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-10-03",
"ID": "CVE-2019-3745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Encryption Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.4.0"
}
]
}
},
{
"product_name": "Dell Endpoint Security Suite Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.4.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.7,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/SLN318889",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/SLN318889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3745",
"datePublished": "2019-10-07T18:21:30.854Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:14:02.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}