DSA-2023-147: Dell OS Recovery Tool Security Update for an Improper Access Control Vulnerability
摘要: Dell OS Recovery Tool remediation is available for an Improper Access Control vulnerability that could be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
High
详情
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-28066 | Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-28066 | Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
受影响的产品和补救措施
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell OS Recovery Tool | Versions 2.2.4013 and 2.3.7012.0 |
2.3.7515.0 | Download Dell OS Recovery Tool |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell OS Recovery Tool | Versions 2.2.4013 and 2.3.7012.0 |
2.3.7515.0 | Download Dell OS Recovery Tool |
解决方法和缓解措施
None.
修订历史记录
| Revision | Date | Description |
| 1.0 | 2023-05-31 | Initial Release |
确认
CVE-2023-28066: Dell Technologies would like to thank Gee-netics for reporting this issue.
相关信息
法律免责声明
受影响的产品
Software & Drivers, Product Security Information文章属性
文章编号: 000212575
文章类型: Dell Security Advisory
上次修改时间: 31 5月 2023
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。