Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.dell.com/support/article/SLN319697 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2019-12-03T20:20:16.832347Z
Updated: 2024-09-16T23:11:52.600Z
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3750
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-12-03T21:15:11.550
Modified: 2019-12-10T16:05:47.060
Link: CVE-2019-3750
Redhat
No data.