PT-2019-16690 · Dell · Dell Command | Update

Published

2019-12-03

Updated

2019-12-10

CVE-2019-3749

CVSS v3.1

5.6

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions Dell Command Update versions prior to 3.1

Description The issue allows a local authenticated malicious user with low privileges to potentially delete arbitrary files by creating a symlink from the "TempICProgressDell InventoryCollector Progress.xml" to any targeted file. This occurs due to incorrect permissions on the Temp directory.

Recommendations For versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Temp directory to prevent exploitation.

Fix

Link Following

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-427

Related Identifiers

CVE-2019-3749

Affected Products

Dell Command | Update

PT-2019-16690 · Dell · Dell Command | Update

CVE-2019-3749

Weakness Enumeration

Related Identifiers

Affected Products

References · 3