CVE-2023-39259

Published: Nov 16, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

Affected (3)

Products: Dell: Os Recovery Tool

1 product

Os Recovery Tool

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Os Recovery Tool	Version 2.2.4013
Dell Os Recovery Tool	Version 2.3.7012.0
Dell Os Recovery Tool	Version 2.3.7515.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.dell.com/support/kbdoc/en-us/000217078/dsa-2023-319dsa-2023-319

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000217078/dsa-2023-319dsa-2023-319

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.