Security restrictions bypass in Dell Protected Workspace - CVE-2016-8732
Published: July 5, 2017 / Updated: July 5, 2017
Vulnerability identifier: #VU7322
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8732
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
Dell Protected Workspace
Dell Protected Workspace
Detailed vulnerability description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists in the ‘InvProtectDrv.sys’ driver component due to weak restrictions on the driver communication channel and additonal insufficient checks. A local attacker can run a specially crafted application to turn off protection mechanisms and gain access to the system.
The weakness exists in the ‘InvProtectDrv.sys’ driver component due to weak restrictions on the driver communication channel and additonal insufficient checks. A local attacker can run a specially crafted application to turn off protection mechanisms and gain access to the system.
How to mitigate CVE-2016-8732
Update Dell Protected Workspace to version 6.3.0.