CVE-2020-5343 - Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, m

CVE-2020-5343

Summary

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

References

https://www.dell.com/support/article/SLN321036

Vulnerable Configurations

cpe:2.3:o:dell:os_recovery_image_for_microsoft_windows_10:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:os_recovery_image_for_microsoft_windows_10:*:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 08-05-2020 - 16:56)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc

https://www.dell.com/support/article/SLN321036

Last major update

08-05-2020 - 16:56

Published

04-05-2020 - 19:15

Last modified

08-05-2020 - 16:56