CVE-2024-52537
EUVD-2024-4614011.12.2024, 08:15
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dell | dock_hd22q_firmware_update_utility | 𝑥 < 1.00.23 |
| dell | dock_hd22q_firmware_update_utility | 𝑥 < 1.00.28 |
| dell | dock_wd19_firmware_update_utility | 𝑥 < 01.00.44 |
| dell | dock_wd19_firmware_update_utility | 𝑥 < 01.00.28 |
| dell | dock_wd22tb4_firmware_update_utility | 𝑥 < 01.00.28 |
| dell | dock_wd22tb4_firmware_update_utility | 𝑥 < 01.00.44 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-61 - UNIX Symbolic Link (Symlink) FollowingThe software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.