CVE-2020-5385
MEDIUMDell Encryption < 10.8 - Incorrect Permission Assignment
Title source: ruleDescription
Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/SLN322456
Scores
CVSS v3
6.7
EPSS
0.0002
EPSS Percentile
5.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (2)
dell/encryption
< 10.8
dell/endpoint_security_suite_enterprise
< 2.8
Published
Aug 18, 2020
Tracked Since
Feb 18, 2026