Improper Access Control Vulnerability in Dell OS Recovery Tool
CVE-2023-39259

7.3HIGH

Key Information:

Vendor: Dell
Status: Dell Os Recovery Tool
Vendor: CVE Published:; 16 November 2023

What is CVE-2023-39259?

The Dell OS Recovery Tool versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain a vulnerability that allows local authenticated non-administrator users to potentially exploit improper access controls. This could lead to unauthorized elevation of privileges on the affected systems, compromising their security integrity.

Affected Version(s)

Dell OS Recovery Tool SW Versions 2.3.7012.0, 2.2.4013, and 2.3.7515.0.

References

https://www.dell.com/support/kbdoc/en-us/000217078/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Jul 26, 2023

Credit

Gee-netics