Dell Technologies released a knowledge base article (Article Number: 000217699) for an improper access control vulnerability in the Dell OS Recovery Tool. The vulnerability is tracked as CVE-2023-39253 and poses a significant risk: a local authenticated non-administrator user could potentially exploit it, leading to elevation of privilege on the system.
To safeguard against this risk, apply the recommended remediation: upgrade to Dell OS Recovery Tool version 2.3.7523.0 or later.
CVE-2023-39253
This noteworthy security vulnerability has been classified as a high-severity issue by Dell Technologies with a base score of 7.3. However, it’s important to note that there is limited information available at the moment, as this vulnerability is currently awaiting analysis.
The affected products and versions are Dell OS Recovery Tool versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0.
The fix is to update to version 2.3.7523.0 or later. The update is available at the following link: https://www.dell.com/support/home/en-in/drivers/osiso/recoverytool
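A fleet triage check built from the version numbers above, as an added example that is not from Dell or the original article. The inventory CSV, its column names and the host names are constructed, and queuing unlisted builds below the fixed release for upgrade is an assumption.

```python
import csv
import io

# Values taken from the advisory text above.
FIXED = "2.3.7523.0"
LISTED_AFFECTED = ["2.2.4013", "2.3.7012.0", "2.3.7515.0"]
PRODUCT = "dell os recovery tool"

def parse_version(text):
    """Return a 4-tuple of ints, padding short versions (2.2.4013 -> 2.2.4013.0)."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple([int(p) for p in parts] + [0] * (4 - len(parts)))

def classify(version_text):
    """Map an installed version to a triage status for CVE-2023-39253."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unknown"  # needs a manual look, never silently treated as fixed
    if v >= parse_version(FIXED):
        return "fixed"
    if v in {parse_version(a) for a in LISTED_AFFECTED}:
        return "affected"
    # Assumption: unlisted builds below the fixed release still get upgraded.
    return "upgrade-unlisted"

def triage(inventory_csv):
    """Return {host: status} for rows whose product is the recovery tool."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() == PRODUCT:
            results[row["host"]] = classify(row["version"])
    return results

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,product,version
ws-001,Dell OS Recovery Tool,2.2.4013
ws-002,Dell OS Recovery Tool,2.3.7515.0
ws-003,Dell OS Recovery Tool,2.3.7523.0
ws-004,Dell OS Recovery Tool,2.3.7100.0
ws-005,Dell OS Recovery Tool,2.3.x
ws-006,Some Other Tool,1.0.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

The three-component version 2.2.4013 is padded to four components before comparison, so it sorts correctly against 2.3.7523.0.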
In summary, Dell Technologies has classified this as a high-severity vulnerability. It exclusively impacts Dell OS Recovery Tool versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0. If you are affected, we strongly urge you to consult the references provided for detailed mitigation strategies. If you have any questions or concerns, please refer to the “Contact Us” section for further assistance and information.
If you have any questions or require further information on any other cybersecurity matters, please don’t hesitate to contact our dedicated team at [email protected].
If you want to see more about the SOC service we offer, please follow this link https://maidar.io
To ask a question, go to our support portal, Maidar Secure SOC Customer Support