Inventory Collector Client
Monthly
Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.
Arbitrary file write in Dell Inventory Collector Client versions prior to 13.8.0 allows a low-privileged local attacker to overwrite files outside the intended write path by exploiting improper symbolic or hard link resolution. The vulnerability (CWE-1386) arises when the client resolves a link to an unintended target before performing a file access operation, enabling an attacker to redirect writes to attacker-controlled locations. No public exploit has been identified at time of analysis and CISA KEV confirmation is absent, but the high integrity and availability impact (CVSS I:H/A:H) means successful exploitation could corrupt system files or cause denial of service.