CVE-2024-47480

Vulnerability

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability [1]. The Security Update references Dell Command Update, Dell Update, Alienware Update, and Dell SupportAssist, but the affected component is the Inventory Collector Client itself. The software improperly resolves symbolic links before accessing files, enabling a low-privilege local attacker to redirect file operations to an unintended location.

Exploitation

The attacker must have local access to the system and low-privilege user credentials [1]. No additional user interaction is required. The vulnerability is exploited by placing a crafted symbolic link that the Dell Inventory Collector Client follows during its normal operation, causing it to read or write files as a higher-privilege process [1]. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) confirms the attack is local, requires low privileges, and no user interaction.

Impact

Successful exploitation results in elevation of privileges, granting the attacker the ability to read, modify, or delete files that are normally inaccessible to the low-privilege account [1]. Since the process runs with elevated rights, the impact is high on confidentiality, integrity, and availability (CVSS score 7.8).

Mitigation

Dell released version 12.7.0 on December 16, 2024, to remediate this vulnerability [1]. All users running Dell Inventory Collector Client prior to 12.7.0 should update to the fixed version. No workaround is described in the advisory. There is no indication that this CVE is listed in CISA's Known Exploited Vulnerabilities catalog.