Encryption
Monthly
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability (CWE-61) that allows a local user with limited privileges to escalate their permissions to higher levels without user interaction. The vulnerability has a CVSS score of 7.8 (High) with local attack vector and low attack complexity, indicating straightforward exploitation by unprivileged local users. No active exploitation in the wild has been confirmed at this time, but the local privilege escalation nature and availability of detailed CVE information presents a meaningful post-patch exploitation risk.
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability (CWE-61) that allows a local user with limited privileges to escalate their permissions to higher levels without user interaction. The vulnerability has a CVSS score of 7.8 (High) with local attack vector and low attack complexity, indicating straightforward exploitation by unprivileged local users. No active exploitation in the wild has been confirmed at this time, but the local privilege escalation nature and availability of detailed CVE information presents a meaningful post-patch exploitation risk.
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.