Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-3745

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

Published

2019-10-07T19:15:11.047

Last Modified

2024-11-21T04:42:27.210

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-427
Type: Primary
CWE-426

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dell	encryption	< 10.4.0	Yes
Application	dell	endpoint_security_suite_enterprise	< 2.4.0	Yes

References

https://www.dell.com/support/article/SLN318889 Vendor Advisory ([email protected])
https://www.dell.com/support/article/SLN318889 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)