vulnerability
Dell Command Update: CVE-2023-28071: DSA-2023-170: Dell Command | Update, Dell Update, and Alienware Update Security Update for an Insecure Operation on Windows Junction / Mount Point vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:S/C:N/I:C/A:C) | Jun 13, 2023 | Nov 28, 2025 | Nov 28, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:S/C:N/I:C/A:C)
Published
Jun 13, 2023
Added
Nov 28, 2025
Modified
Nov 28, 2025
Description
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
Solution
dell-command-update-upgrade-latest
References
- CWE-1386
- CWE-59
- CVE-2023-28071
- https://attackerkb.com/topics/CVE-2023-28071
- URL-https://www.dell.com/support/home/en-in/drivers/DriversDetails?driverId=J6PNP
- URL-https://www.dell.com/support/home/en-in/drivers/DriversDetails?driverId=30F6M
- URL-https://www.dell.com/support/kbdoc/en-in/000213546/dsa-2023-170-dell-command-update
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.