Common Weakness Enumeration

CWE-1386

Allowed

Insecure Operation on Windows Junction / Mount Point

Abstraction: Base · Status: Incomplete

The product opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.

26 vulnerabilities reference this CWE, most recent first.

GHSA-934W-FHC8-QWCJ

Vulnerability from github – Published: 2024-02-06 09:31 – Updated: 2024-02-06 09:31
VLAI
Details

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1386",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-06T08:15:49Z",
    "severity": "MODERATE"
  },
  "details": "\nDUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service\n\n",
  "id": "GHSA-934w-fhc8-qwcj",
  "modified": "2024-02-06T09:31:38Z",
  "published": "2024-02-06T09:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32454"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000216236/dsa-2023-192"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-959V-9J99-99W5

Vulnerability from github – Published: 2024-02-06 09:31 – Updated: 2024-02-06 09:31
VLAI
Details

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1386",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-06T08:15:50Z",
    "severity": "MODERATE"
  },
  "details": "\nDell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion\n\n",
  "id": "GHSA-959v-9j99-99w5",
  "modified": "2024-02-06T09:31:38Z",
  "published": "2024-02-06T09:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32474"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HF8F-6VQW-RCH6

Vulnerability from github – Published: 2023-09-08 06:32 – Updated: 2024-04-04 07:33
VLAI
Details

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32470"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1386"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-08T06:15:07Z",
    "severity": "MODERATE"
  },
  "details": "\nDell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n",
  "id": "GHSA-hf8f-6vqw-rch6",
  "modified": "2024-04-04T07:33:59Z",
  "published": "2023-09-08T06:32:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32470"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000216243/dsa-2023-224"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HGV7-WRHW-7W24

Vulnerability from github – Published: 2023-09-13 15:31 – Updated: 2024-04-04 07:39
VLAI
Details

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40623"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1386"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-12T03:15:13Z",
    "severity": "HIGH"
  },
  "details": "SAP BusinessObjects Suite\u00a0Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.\n\n",
  "id": "GHSA-hgv7-wrhw-7w24",
  "modified": "2024-04-04T07:39:03Z",
  "published": "2023-09-13T15:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40623"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3317702"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RR4P-M9J4-P7CX

Vulnerability from github – Published: 2023-06-23 12:30 – Updated: 2024-04-04 05:06
VLAI
Details

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28071"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1386",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-23T11:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n",
  "id": "GHSA-rr4p-m9j4-p7cx",
  "modified": "2024-04-04T05:06:27Z",
  "published": "2023-06-23T12:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28071"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000213546/dsa-2023-170-dell-command-update"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W728-JX3Q-VWR2

Vulnerability from github – Published: 2023-06-23 12:30 – Updated: 2024-04-04 05:06
VLAI
Details

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1386",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-23T12:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.\n\n",
  "id": "GHSA-w728-jx3q-vwr2",
  "modified": "2024-04-04T05:06:31Z",
  "published": "2023-06-23T12:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28065"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000212574/dsa-2023-146"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Separation of Privilege

When designing software that will have different rights than the executer, the software should check that files that it is interacting with are not improper hard links or mount points. One way to do this in Windows is to use the functionality embedded in the following command: "dir /al /s /b" or, in PowerShell, use LinkType as a filter. In addition, some software uses authentication via signing to ensure that the file is the correct one to use. Make checks atomic with the file action, otherwise a TOCTOU weakness (CWE-367) can be introduced.

No CAPEC attack patterns related to this CWE.