PT-2019-16691 · Dell · Dell Command | Update

Publicado

2019-12-03

Atualizado

2019-12-10

CVE-2019-3750

CVSS v3.1

5.6

Média

Vetor

AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions Dell Command Update versions prior to 3.1

Description The issue is related to an Arbitrary File Deletion problem. A local authenticated malicious user with low privileges could potentially exploit this to delete arbitrary files. This is achieved by creating a symlink from the TempICICDebugLog.txt to any targeted file. The problem arises due to insecure handling of Temp directory permissions that were set incorrectly.

Recommendations For versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Temp directory to prevent exploitation.

Correção

Link Following

Uncontrolled Search Path Element

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59CWE-427

Identificadores relacionados

CVE-2019-3750

Produtos afetados

Dell Command | Update

PT-2019-16691 · Dell · Dell Command | Update

CVE-2019-3750

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3