April 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2023-21216 – Google ChromeOS Vulnerability
November 17, 2023Rewterz Threat Advisory – ICS: Multiple Schneider Electric Products Vulnerabilities
November 17, 2023Rewterz Threat Advisory – CVE-2023-21216 – Google ChromeOS Vulnerability
November 17, 2023Rewterz Threat Advisory – ICS: Multiple Schneider Electric Products Vulnerabilities
November 17, 2023
Severity
Medium
Analysis Summary
CVE-2023-39246 CVSS:4.6
Dell Encryption, Endpoint Security Suite Enterprise, and Security Management Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure operation on a Windows junction. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-39259 CVSS:7.3
Dell OS Recovery Tool could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privileges Escalation
Indicators Of Compromise
CVE
- CVE-2023-39246
- CVE-2023-39259
Affected Vendors
Dell
Affected Products
- Dell Encryption 11.8.0
- Dell Endpoint Security Suite Enterprise 11.8.0
- Dell OS Recovery Tool 2.2.4013
- Dell OS Recovery Tool 2.3.7012.0
- Dell OS Recovery Tool 2.3.7515.0
- Dell Security Management Server 11.8.0 Windows
Remediation
Refer to Dell Dell Security Advisory for patch, upgrade or suggested workaround information.
