CWE-1386
AllowedInsecure Operation on Windows Junction / Mount Point
Abstraction: Base · Status: Incomplete
The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.
26 vulnerabilities reference this CWE, most recent first.
GHSA-934W-FHC8-QWCJ
Vulnerability from github – Published: 2024-02-06 09:31 – Updated: 2024-02-06 09:31DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service
{
"affected": [],
"aliases": [
"CVE-2023-32454"
],
"database_specific": {
"cwe_ids": [
"CWE-1386",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T08:15:49Z",
"severity": "MODERATE"
},
"details": "\nDUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service\n\n",
"id": "GHSA-934w-fhc8-qwcj",
"modified": "2024-02-06T09:31:38Z",
"published": "2024-02-06T09:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32454"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000216236/dsa-2023-192"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-959V-9J99-99W5
Vulnerability from github – Published: 2024-02-06 09:31 – Updated: 2024-02-06 09:31Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion
{
"affected": [],
"aliases": [
"CVE-2023-32474"
],
"database_specific": {
"cwe_ids": [
"CWE-1386",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-06T08:15:50Z",
"severity": "MODERATE"
},
"details": "\nDell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion\n\n",
"id": "GHSA-959v-9j99-99w5",
"modified": "2024-02-06T09:31:38Z",
"published": "2024-02-06T09:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32474"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HF8F-6VQW-RCH6
Vulnerability from github – Published: 2023-09-08 06:32 – Updated: 2024-04-04 07:33Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
{
"affected": [],
"aliases": [
"CVE-2023-32470"
],
"database_specific": {
"cwe_ids": [
"CWE-1386"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-08T06:15:07Z",
"severity": "MODERATE"
},
"details": "\nDell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n",
"id": "GHSA-hf8f-6vqw-rch6",
"modified": "2024-04-04T07:33:59Z",
"published": "2023-09-08T06:32:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32470"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000216243/dsa-2023-224"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HGV7-WRHW-7W24
Vulnerability from github – Published: 2023-09-13 15:31 – Updated: 2024-04-04 07:39SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.
{
"affected": [],
"aliases": [
"CVE-2023-40623"
],
"database_specific": {
"cwe_ids": [
"CWE-1386"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-12T03:15:13Z",
"severity": "HIGH"
},
"details": "SAP BusinessObjects Suite\u00a0Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.\n\n",
"id": "GHSA-hgv7-wrhw-7w24",
"modified": "2024-04-04T07:39:03Z",
"published": "2023-09-13T15:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40623"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3317702"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RR4P-M9J4-P7CX
Vulnerability from github – Published: 2023-06-23 12:30 – Updated: 2024-04-04 05:06Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
{
"affected": [],
"aliases": [
"CVE-2023-28071"
],
"database_specific": {
"cwe_ids": [
"CWE-1386",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-23T11:15:09Z",
"severity": "HIGH"
},
"details": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n",
"id": "GHSA-rr4p-m9j4-p7cx",
"modified": "2024-04-04T05:06:27Z",
"published": "2023-06-23T12:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28071"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W728-JX3Q-VWR2
Vulnerability from github – Published: 2023-06-23 12:30 – Updated: 2024-04-04 05:06Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2023-28065"
],
"database_specific": {
"cwe_ids": [
"CWE-1386",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-23T12:15:09Z",
"severity": "HIGH"
},
"details": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.\n\n",
"id": "GHSA-w728-jx3q-vwr2",
"modified": "2024-04-04T05:06:31Z",
"published": "2023-06-23T12:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28065"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Separation of Privilege
When designing software that will have different rights than the executer, the software should check that files that it is interacting with are not improper hard links or mount points. One way to do this in Windows is to use the functionality embedded in the following command: "dir /al /s /b" or, in PowerShell, use LinkType as a filter. In addition, some software uses authentication via signing to ensure that the file is the correct one to use. Make checks atomic with the file action, otherwise a TOCTOU weakness (CWE-367) can be introduced.
No CAPEC attack patterns related to this CWE.