Skip to main content

CWE-1386

Insecure Operation on Windows Junction / Mount Point

12 CVEs Avg CVSS 6.6 MITRE
0
CRITICAL
7
HIGH
3
MEDIUM
2
LOW
0
POC
0
KEV

Monthly

CVE-2026-41116 MEDIUM PATCH This Month

Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.

Information Disclosure Dell Inventory Collector Client
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-58074 HIGH This Week

Norton Secure VPN installed via Microsoft Store allows low-privilege Windows users to escalate to SYSTEM-level privileges by replacing files during the installation process, causing arbitrary file deletion. Cisco Talos discovered this TOCTOU (Time-of-Check Time-of-Use) race condition in the installer. No public exploit code or active exploitation confirmed at time of analysis, but the local attack vector with low complexity (CVSS AC:L) makes this highly exploitable once installation details are known.

Microsoft Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-36340 MEDIUM PATCH This Month

A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Amd Information Disclosure Uprof
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-7400 HIGH This Week

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Eset Information Disclosure Microsoft
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2023-5834 Go HIGH PATCH This Week

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Hashicorp Vagrant
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-40623 HIGH This Week

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-32470 MEDIUM PATCH This Month

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Dell Microsoft Digital Delivery
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28065 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Dell Microsoft Alienware Update Command Update +1
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-28071 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Dell Microsoft Alienware Update Command Update +1
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-24572 LOW PATCH Monitor

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Dell Command Integration Suite For System Center
NVD
CVSS 3.1
3.3
EPSS
0.2%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.

Information Disclosure Dell Inventory Collector Client
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Norton Secure VPN installed via Microsoft Store allows low-privilege Windows users to escalate to SYSTEM-level privileges by replacing files during the installation process, causing arbitrary file deletion. Cisco Talos discovered this TOCTOU (Time-of-Check Time-of-Use) race condition in the installer. No public exploit code or active exploitation confirmed at time of analysis, but the local attack vector with low complexity (CVSS AC:L) makes this highly exploitable once installation details are known.

Microsoft Privilege Escalation
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Amd Information Disclosure Uprof
NVD
EPSS 0% CVSS 8.5
HIGH This Week

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Eset Information Disclosure Microsoft
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Hashicorp +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Dell Microsoft +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Dell Microsoft +3
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Dell Microsoft +3
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Dell Command Integration Suite For System Center
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy