PT-2020-18415 · Dell · Dell Digital Delivery

Ammarit Thongthua

Published

2020-03-09

Updated

2020-03-10

CVE-2020-5342

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell Digital Delivery versions prior to 3.5.2015

Description The issue is related to incorrect default permissions, allowing a locally authenticated low-privileged malicious user to exploit it and run an arbitrary executable with administrative privileges on the affected system.

Recommendations For Dell Digital Delivery versions prior to 3.5.2015, update to version 3.5.2015 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative privileges to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2020-5342

Affected Products

Dell Digital Delivery

PT-2020-18415 · Dell · Dell Digital Delivery

CVE-2020-5342

Weakness Enumeration

Related Identifiers

Affected Products

References · 4