2022-03-10 20:01:18 +00:00
{
"CVE_data_meta" : {
2022-05-26 11:10:57 -04:00
"ASSIGNER" : "secure@dell.com" ,
"DATE_PUBLIC" : "2022-04-26" ,
2022-03-10 20:01:18 +00:00
"ID" : "CVE-2022-26865" ,
2022-05-26 11:10:57 -04:00
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Dell OS Recovery Tool" ,
"version" : {
"version_data" : [
{
"version_affected" : "<" ,
"version_value" : "5.5.2"
}
]
}
}
]
} ,
"vendor_name" : "Dell"
}
]
}
2022-03-10 20:01:18 +00:00
} ,
2022-05-26 11:10:57 -04:00
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
2022-03-10 20:01:18 +00:00
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2022-05-26 11:10:57 -04:00
"value" : "Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator."
}
]
} ,
"impact" : {
"cvss" : {
"baseScore" : 6.8 ,
"baseSeverity" : "Medium" ,
"vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"version" : "3.1"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2022-05-26 16:01:48 +00:00
"refsource" : "MISC" ,
"url" : "https://www.dell.com/support/kbdoc/en-us/000198780/dsa-2022-102" ,
"name" : "https://www.dell.com/support/kbdoc/en-us/000198780/dsa-2022-102"
2022-03-10 20:01:18 +00:00
}
]
}
}
