Dell Command Update versions prior to 3.1 Improper Link Resolution Before File Access (‘Link Following’) Vulnerability
Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability.
The information has been provided by Eran Shimony.
The original article can be found at: https://www.dell.com/support/article/SLN319697
A local, authenticated malicious user with low privileges could potentially exploit this vulnerability to delete arbitrary files by creating a symlink from “Temp\ICProgress\Dell_InventoryCollector_Progress.xml” to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.
Dell Command Update versions prior to 3.1
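
The following PowerShell audit is an added example, not code from Dell or from the original advisory. It checks a directory for the two conditions described above: write access granted to principals other than the privileged ones, and reparse points (symlinks or junctions) on the directory or its entries. The `$Path` parameter is a placeholder because the advisory gives only the relative path “Temp\ICProgress”, and the list of trusted SIDs is an assumption to adjust per environment.

```powershell
param(
    # Placeholder: full path to the ...\Temp\ICProgress directory on the host being audited.
    [Parameter(Mandatory)] [string] $Path
)

# Assumption: only SYSTEM, Administrators and TrustedInstaller should hold write access.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Rights that allow planting, replacing or re-permissioning entries in the directory.
$risky = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in inherited ACEs.
$risky = $risky -bor 0x50000000

# 1. ACL check: report every Allow rule that gives a non-trusted SID one of the risky rights.
$acl = Get-Acl -LiteralPath $Path
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    if ($trusted -contains $rule.IdentityReference.Value) { continue }
    if (([int]$rule.FileSystemRights -band $risky) -eq 0) { continue }
    [pscustomobject]@{
        Finding = 'WritableByUntrusted'
        Subject = $rule.IdentityReference.Value
        Detail  = [string]$rule.FileSystemRights
    }
}

# 2. Link check: report the directory itself and any direct entry that is a reparse point.
$items = @(Get-Item -LiteralPath $Path -Force) + @(Get-ChildItem -LiteralPath $Path -Force)
foreach ($item in $items) {
    if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
        [pscustomobject]@{
            Finding = 'ReparsePoint'
            Subject = $item.FullName
            Detail  = [string]$item.LinkType
        }
    }
}
```

No output means neither condition was found; any `WritableByUntrusted` row for a standard-user group is the permission problem the advisory describes.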