Headline
CVE-2023-39259: DSA-2023-319: Security Update for a Dell OS Recovery Tool Vulnerability
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
Impact
High
Details
Proprietary Code CVE(s): CVE-2023-39259
Description: Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.
CVSS Base Score: 7.3
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Product: Dell OS Recovery Tool
Software/Firmware: SW
Affected Version(s): Versions 2.3.7012.0, 2.2.4013, and 2.3.7515.0.
Updated Version(s): 2.3.7523.0 or later
Link: https://www.dell.com/support/home/en-in/drivers/osiso/recoverytool
Acknowledgements
CVE-2023-39259: Dell Technologies would like to thank Gee-netics for reporting this issue.
Revision History
Revision: 1.0
Date: 2023-11-14
Description: Initial Release
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide