CVE-2020-5358
MEDIUMDell Encryption < 10.7.0 - Incorrect Permission Assignment
Title source: ruleDescription
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/SLN321789
Scores
CVSS v3
6.7
EPSS
0.0002
EPSS Percentile
4.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (2)
dell/encryption
< 10.7.0
dell/endpoint_security_suite_enterprise
< 2.7
Published
Jun 15, 2020
Tracked Since
Feb 18, 2026