Vulnerability Details : CVE-2023-32479
Public exploit exists!
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.
Vulnerability category: BypassGain privilege
Products affected by CVE-2023-32479
- cpe:2.3:a:dell:encryption:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:endpoint_security_suite_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:security_management_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32479
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32479
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-02-13 |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
Dell | 2024-02-06 |
CWE ids for CVE-2023-32479
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: security_alert@emc.com (Secondary)
References for CVE-2023-32479
-
https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260
DSA-2023-260: Security Update for a Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server Vulnerability | Dell USVendor Advisory
Jump to