CVE-2020-5358
First published: Mon Jun 15 2020(Updated: )
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Data Protection | Encryption | <=10.7.0 | |
| Dell Endpoint Security Suite Enterprise | <2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Dell Encryption vulnerability?
The vulnerability ID for this Dell Encryption vulnerability is CVE-2020-5358.
What is the severity level of CVE-2020-5358?
CVE-2020-5358 has a severity level of high.
Which versions of Dell Encryption are affected by this vulnerability?
Versions prior to 10.7 of Dell Encryption are affected by this vulnerability.
Which versions of Dell Endpoint Security Suite are affected by this vulnerability?
Versions prior to 2.7 of Dell Endpoint Security Suite are affected by this vulnerability.
How can a local malicious user exploit this vulnerability?
A local malicious user with low privileges can potentially exploit this vulnerability to gain elevated privilege on the affected system.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell data protection | encryption
- version/dell data protection | encryption/10.7.0
- canonical/dell endpoint security suite enterprise