Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000133578

DSA-2020-059: Dell OS Recovery Image Insecure Inherited Permissions Vulnerability

Summary: Dell Windows 10 recovery images require an update to address an insecure inherited permissions vulnerability.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Impact

High

Details

  • Insecure Inherited Permissions Vulnerability
CVE-2020-5343

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

CVSS Base Score: 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
  • Insecure Inherited Permissions Vulnerability
CVE-2020-5343

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

CVSS Base Score: 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:

Dell Client platforms licensed for Microsoft Windows 10 restored using a Dell OS recovery image for Microsoft Windows 10 that was downloaded before December 20, 2019.
 

Remediation:

Dell OS recovery images released December 20, 2019 and later have been updated to remediate this vulnerability.

 

Customers who used a Dell OS recovery image for Microsoft Windows 10, downloaded before December 20, 2019, should install the Critical Update labeled as "Dell Security Advisory DSA-2020-059" using one of the following Dell Download Notification Applications:

  • Dell Update 3.1 or later
  • Dell Command Update 3.1 or later
  • Dell SupportAssist 3.4.1 or later

 

Installation of this update will remediate this vulnerability on affected systems without further user interaction.

 

Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).

Affected products:

Dell Client platforms licensed for Microsoft Windows 10 restored using a Dell OS recovery image for Microsoft Windows 10 that was downloaded before December 20, 2019.
 

Remediation:

Dell OS recovery images released December 20, 2019 and later have been updated to remediate this vulnerability.

 

Customers who used a Dell OS recovery image for Microsoft Windows 10, downloaded before December 20, 2019, should install the Critical Update labeled as "Dell Security Advisory DSA-2020-059" using one of the following Dell Download Notification Applications:

  • Dell Update 3.1 or later
  • Dell Command Update 3.1 or later
  • Dell SupportAssist 3.4.1 or later

 

Installation of this update will remediate this vulnerability on affected systems without further user interaction.

 

Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product

Product Security Information

Last Published Date

10 Nov 2021

Article Type

Dell Security Advisory

Back to Top