Headline
CVE-2023-39253: DSA-2023-336: Security Update for a Dell OS Recovery Tool Vulnerability
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39253 | Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
|---|---|---|---|
| Dell OS Recovery Tool | Versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0. | 2.3.7523.0 or later | https://www.dell.com/support/home/en-in/drivers/osiso/recoverytool |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-11-21 | Initial Release |
| 1.1 | 2023-11-22 | Updated Proprietary Code section: Revised CVE Vulnerability Description |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide