CVE-2019-3749

Name of the Vulnerable Software and Affected Versions Dell Command Update versions prior to 3.1

Description The issue allows a local authenticated malicious user with low privileges to potentially delete arbitrary files by creating a symlink from the "TempICProgressDell InventoryCollector Progress.xml" to any targeted file. This occurs due to incorrect permissions on the Temp directory.

Recommendations For versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Temp directory to prevent exploitation.