Lucene search

DellCVELIST:CVE-2020-5385

HistoryAug 18, 2020 - 8:40 p.m.

CVE-2020-5385

2020-08-1820:40:11

CWE-732

dell

www.cve.org

dell

encryption

endpoint security

privilege escalation

vulnerability

cve-2020-5385

incomplete fix

symbolic link

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

12.6%

JSON

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

CNA Affected

[
  {
    "product": "Dell Encryption Enterprise",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "10.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/article/SLN322456

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-5385