Article Number: 000212575
DSA-2023-147: Dell OS Recovery Tool Security Update for an Improper Access Control Vulnerability
Summary: Dell OS Recovery Tool remediation is available for an Improper Access Control vulnerability that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-28066 | Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2023-28066 | Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | 7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products and Remediation
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell OS Recovery Tool | Versions 2.2.4013 and 2.3.7012.0 |
2.3.7515.0 | Download Dell OS Recovery Tool |
| Product | Affected Version(s) | Updated Version(s) | Link to Update |
| Dell OS Recovery Tool | Versions 2.2.4013 and 2.3.7012.0 |
2.3.7515.0 | Download Dell OS Recovery Tool |
Workarounds and Mitigations
None.
Acknowledgements
CVE-2023-28066: Dell Technologies would like to thank Gee-netics for reporting this issue.
Revision History
| Revision | Date | Description |
| 1.0 | 2023-05-31 | Initial Release |
Related Information
Legal Information
Article Properties
Affected Product
Software & Drivers, Product Security Information
Last Published Date
31 May 2023
Article Type
Dell Security Advisory