7.1

CVE-2023-28071

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DellAlienware Update Version < 4.9.0
   MicrosoftWindows Version-
DellAlienware Update Version4.9.0 Updatea01
   MicrosoftWindows Version-
DellCommand Update Version < 4.9.0
   MicrosoftWindows Version-
DellCommand Update Version4.9.0 Updatea01
   MicrosoftWindows Version-
DellUpdate Version < 4.9.0
   MicrosoftWindows Version-
DellUpdate Version4.9.0 Updatea01
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.126
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
security_alert@emc.com 6.3 1 5.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE-1386 Insecure Operation on Windows Junction / Mount Point

The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.