CVE-2019-3767 - Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell Imag

CVE-2019-3767

Summary

Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.

References

https://www.dell.com/support/article/us/en/19/sln318831/dsa-2019-139

Vulnerable Configurations

cpe:2.3:a:dell:imageassist:4.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:4.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:5.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:5.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:5.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:5.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:6.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:6.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:7.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:7.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:7.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:7.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.7.1.4:*:*:*:*:*:*:*
cpe:2.3:a:dell:imageassist:8.7.1.4:*:*:*:*:*:*:*

CVSS

Base:	1.9 (as of 16-10-2020 - 14:19)
Impact:
Exploitability:

CWE

CWE-312

CAPEC

Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:N/A:N

refmap via4

confirm

https://www.dell.com/support/article/us/en/19/sln318831/dsa-2019-139

Last major update

16-10-2020 - 14:19

Published

14-10-2019 - 18:15

Last modified

16-10-2020 - 14:19