PT-2019-16687 · Dell · Dell Endpoint Security Suite Enterprise+1

Published: 2019-10-07 · Updated: 2019-10-11 · CVE-2019-3745

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Dell Encryption Enterprise versions prior to 10.4.0
Dell Endpoint Security Suite Enterprise versions prior to 2.4.0

Description
The issue is limited to the installation process of the affected products and can be exploited by a local authenticated low-privileged user. This user could potentially stage a malicious DLL in the search path of the installer before it is executed by a local administrator. As a result, the malicious DLL would be loaded, allowing the attacker to execute arbitrary code in the context of an administrator.

Recommendations
For Dell Encryption Enterprise versions prior to 10.4.0, update to version 10.4.0 or later to resolve the issue.
For Dell Endpoint Security Suite Enterprise versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the installer and ensuring that only trusted users can execute it, to minimize the risk of exploitation.

Fix

Untrusted Search Path

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2019-3745

Affected Products

Dell Encryption Enterprise
Dell Endpoint Security Suite Enterprise