Zu den Hauptinhalten
Abmelden

Willkommen bei Dell

Mein Konto
  • Bestellungen schnell und einfach aufgeben
  • Bestellungen anzeigen und den Versandstatus verfolgen
  • Profitieren Sie von exklusiven Prämien und Rabatten für Mitglieder
  • Erstellen Sie eine Liste Ihrer Produkte, auf die Sie jederzeit zugreifen können.
  • Verwalten Sie mit der Unternehmensverwaltung Ihre Dell EMC Seiten, Produkte und produktspezifischen Kontakte.
Anmelden Konto erstellen Premier-Anmeldung Anmeldung beim Partnerprogramm
Kontakt

Ihr Warenkorb bei Dell.com

Artikelnummer: 000133578

DSA-2020-059: Dell OS Recovery Image Insecure Inherited Permissions Vulnerability

Zusammenfassung: Dell Windows 10 recovery images require an update to address an insecure inherited permissions vulnerability.

Dieser Artikel wurde möglicherweise automatisch übersetzt. Wenn Sie eine Rückmeldung bezüglich dessen Qualität geben möchten, teilen Sie uns diese über das Formular unten auf dieser Seite mit.

Artikelinhalt

Auswirkungen

High

Details

  • Insecure Inherited Permissions Vulnerability
CVE-2020-5343

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

CVSS Base Score: 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
  • Insecure Inherited Permissions Vulnerability
CVE-2020-5343

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

CVSS Base Score: 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Problembehebung

Affected products:

Dell Client platforms licensed for Microsoft Windows 10 restored using a Dell OS recovery image for Microsoft Windows 10 that was downloaded before December 20, 2019.
 

Remediation:

Dell OS recovery images released December 20, 2019 and later have been updated to remediate this vulnerability.

 

Customers who used a Dell OS recovery image for Microsoft Windows 10, downloaded before December 20, 2019, should install the Critical Update labeled as "Dell Security Advisory DSA-2020-059" using one of the following Dell Download Notification Applications:

  • Dell Update 3.1 or later
  • Dell Command Update 3.1 or later
  • Dell SupportAssist 3.4.1 or later

 

Installation of this update will remediate this vulnerability on affected systems without further user interaction.

 

Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).

Affected products:

Dell Client platforms licensed for Microsoft Windows 10 restored using a Dell OS recovery image for Microsoft Windows 10 that was downloaded before December 20, 2019.
 

Remediation:

Dell OS recovery images released December 20, 2019 and later have been updated to remediate this vulnerability.

 

Customers who used a Dell OS recovery image for Microsoft Windows 10, downloaded before December 20, 2019, should install the Critical Update labeled as "Dell Security Advisory DSA-2020-059" using one of the following Dell Download Notification Applications:

  • Dell Update 3.1 or later
  • Dell Command Update 3.1 or later
  • Dell SupportAssist 3.4.1 or later

 

Installation of this update will remediate this vulnerability on affected systems without further user interaction.

 

Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtliche Hinweise

Artikeleigenschaften

Betroffenes Produkt

Product Security Information

Letztes Veröffentlichungsdatum

10 Nov. 2021

Version

5

Artikeltyp

Dell Security Advisory

Zurück zum Anfang