DSA-2020-059: Dell OS Recovery Image Insecure Inherited Permissions Vulnerability


DSA Identifier: DSA-2020-059

CVE Identifier: CVE-2020-5343

Severity: High

Severity Rating: CVSS Base Score: 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Affected products:

Dell Client platforms licensed for Microsoft Windows 10 restored using a Dell OS recovery image for Microsoft Windows 10 that was downloaded before December 20, 2019.

Summary:

Dell Windows 10 recovery images require an update to address an insecure inherited permissions vulnerability.

Details:

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access to the root folder.

Resolution:

Dell OS recovery images released December 20, 2019 and later have been updated to remediate this vulnerability.

Customers who used a Dell OS recovery image for Microsoft Windows 10, downloaded before December 20, 2019, should install the Critical Update labeled as "Dell Security Advisory DSA-2020-059" using one of the following Dell Download Notification Applications:

  • Dell Update 3.1 or later
  • Dell Command Update 3.1 or later
  • Dell SupportAssist 3.4.1 or later

Installation of this update will remediate this vulnerability on affected systems without further user interaction.

Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).

Severity Rating:

For an explanation of Severity Ratings, refer to the Dell Vulnerability Response Policy. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

Legal Information:

Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.





Article ID: SLN321036

Last modified date: 05/05/2020 11:55 AM

