Authentication Bypass in Dell Support Assist OS Recovery
CVE-2022-26865

6.8MEDIUM

Key Information:

Vendor: Dell
Status: Dell Os Recovery Tool
Vendor: CVE Published:; 26 May 2022

What is CVE-2022-26865?

An authentication bypass vulnerability exists in Dell Support Assist OS Recovery prior to version 5.5.2. This flaw allows an unauthenticated attacker with physical access to the system to bypass OS Recovery authentication, potentially enabling the execution of arbitrary code on the system as an Administrator. This vulnerability could lead to serious security implications if exploited.

Affected Version(s)

Dell OS Recovery Tool < 5.5.2

References

https://www.dell.com/support/kbdoc/en-us/000198780/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2022
Vulnerability Reserved
Mar 10, 2022