Lucene search
HistoryFeb 06, 2024 - 8:15 a.m.
CVE-2023-32454
dup framework
windows junction
mount point
vulnerability
local malicious user
arbitrary files
denial of service
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service
Affected configurations
Node
dellupdate_package_frameworkRange≤4.9.4.36
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dell | update_package_framework | * | cpe:2.3:a:dell:update_package_framework:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-32454
2024-02-06 08:00:46
vulnrichment
vulnrichment
CVE-2023-32454
2024-02-06 08:00:46
prion
prion
Design/Logic Flaw
2024-02-06 08:15:00
cve
cve
CVE-2023-32454
2024-02-06 08:15:49
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2023-32454