Vulnerability Details : CVE-2023-32474
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion
Products affected by CVE-2023-32474
- cpe:2.3:a:dell:display_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32474
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32474
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.6
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
1.3
|
5.2
|
NIST | 2024-02-12 |
|
6.6
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
1.3
|
5.2
|
Dell | 2024-02-06 |
CWE ids for CVE-2023-32474
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
-
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.Assigned by: security_alert@emc.com (Secondary)
References for CVE-2023-32474
-
https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell
DSA-2023-182: Dell Display Manager Security Update for Multiple Vulnerabilities | Dell USVendor Advisory
Jump to