PT-2019-16691 · Dell · Dell Command | Update

Published

2019-12-03

Updated

2019-12-10

CVE-2019-3750

CVSS v3.1

5.6

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions Dell Command Update versions prior to 3.1

Description The issue is related to an Arbitrary File Deletion problem. A local authenticated malicious user with low privileges could potentially exploit this to delete arbitrary files. This is achieved by creating a symlink from the TempICICDebugLog.txt to any targeted file. The problem arises due to insecure handling of Temp directory permissions that were set incorrectly.

Recommendations For versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Temp directory to prevent exploitation.

Fix

Link Following

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-427

Related Identifiers

CVE-2019-3750

Affected Products

Dell Command | Update

PT-2019-16691 · Dell · Dell Command | Update

CVE-2019-3750

Weakness Enumeration

Related Identifiers

Affected Products

References · 3