CVE-2023-39246: 
Dell Security Management Server vulnerability analysis and mitigation

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. The vulnerability was discovered and disclosed in November 2023 (Dell Advisory).

The vulnerability is classified as an Insecure Operation on Windows Junction issue that occurs during the installation process. It has been assigned CWE-59 (Improper Link Resolution Before File Access) by NIST and CWE-61 (UNIX Symbolic Link Following) by Dell. The vulnerability has received a CVSS v3.1 base score of 7.3 (HIGH) from NIST with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, while Dell assigned it a score of 4.6 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L (NVD).

If exploited, this vulnerability could allow a local malicious user to create an arbitrary folder inside a restricted directory, potentially leading to privilege escalation (Dell Advisory).

Dell has released version 11.8.1 to address this vulnerability. Users of affected products (Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server) are advised to upgrade to version 11.8.1 or later (Dell Advisory).