DSA-2019-139: Dell ImageAssist Security Update for an Information Disclosure Vulnerability
Summary: This Dell ImageAssist update contains a resolution for an information disclosure vulnerability that potentially could be exploited by malicious users to compromise affected systems.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.
CVSS Base Score: 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score: 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.
CVSS Base Score: 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score: 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
Affected Products & Remediation
Affected products:
Dell ImageAssist versions prior to 8.7.15
Remediation:
The following Dell ImageAssist release contains a resolution to the vulnerability:
- Dell ImageAssist version 8.7.15
Dell recommends all customers upgrade at the earliest opportunity.
IT administrators who created images with Dell ImageAssist prior to 8.7.15 should change any password included in the created image on the deployed systems.
General Guidance on Account Security:
- IT administrators should enforce OS password change at regular intervals.
- IT administrators should set complex password requirements.
- Users should not use the same passwords on other systems.
- Users should use a password manager to make sure they’re using strong, unique passwords everywhere.
Affected products:
Dell ImageAssist versions prior to 8.7.15
Remediation:
The following Dell ImageAssist release contains a resolution to the vulnerability:
- Dell ImageAssist version 8.7.15
Dell recommends all customers upgrade at the earliest opportunity.
IT administrators who created images with Dell ImageAssist prior to 8.7.15 should change any password included in the created image on the deployed systems.
General Guidance on Account Security:
- IT administrators should enforce OS password change at regular intervals.
- IT administrators should set complex password requirements.
- Users should not use the same passwords on other systems.
- Users should use a password manager to make sure they’re using strong, unique passwords everywhere.
Related Information
Legal Disclaimer
Affected Products
Image AssistArticle Properties
Article Number: 000137539
Article Type: Dell Security Advisory
Last Modified: 26 Aug 2025
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.