ID

VAR-202205-2083


CVE

CVE-2022-26865


TITLE

DELL SupportAssist OS Recovery Authorization problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-4199

DESCRIPTION

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

Trust: 0.99

sources: NVD: CVE-2022-26865 // VULHUB: VHN-417520

AFFECTED PRODUCTS

vendor: dell, model: supportassist os recovery, scope: eq, version: 5.5.1

Trust: 1.0

sources: NVD: CVE-2022-26865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26865
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2022-26865
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202205-4199
value: MEDIUM

Trust: 0.6

VULHUB: VHN-417520
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-26865
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-417520
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-26865
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-417520 // CNNVD: CNNVD-202205-4199 // NVD: CVE-2022-26865 // NVD: CVE-2022-26865

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.1

problemtype: CWE-288

Trust: 1.0

sources: VULHUB: VHN-417520 // NVD: CVE-2022-26865

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202205-4199

PATCH

title: DELL SupportAssist OS Recovery Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195266

Trust: 0.6

sources: CNNVD: CNNVD-202205-4199

EXTERNAL IDS

db: NVD, id: CVE-2022-26865

Trust: 1.7

db: CNNVD, id: CNNVD-202205-4199

Trust: 0.6

db: VULHUB, id: VHN-417520

Trust: 0.1

sources: VULHUB: VHN-417520 // CNNVD: CNNVD-202205-4199 // NVD: CVE-2022-26865

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000198780/dsa-2022-102

Trust: 1.7

url: https://cxsecurity.com/cveshow/cve-2022-26865/

Trust: 0.6

sources: VULHUB: VHN-417520 // CNNVD: CNNVD-202205-4199 // NVD: CVE-2022-26865

SOURCES

db: VULHUB, id: VHN-417520
db: CNNVD, id: CNNVD-202205-4199
db: NVD, id: CVE-2022-26865

LAST UPDATE DATE

2024-11-23T22:43:55.899000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-417520, date: 2022-06-07T00:00:00
db: CNNVD, id: CNNVD-202205-4199, date: 2022-06-08T00:00:00
db: NVD, id: CVE-2022-26865, date: 2024-11-21T06:54:42.340

SOURCES RELEASE DATE

db: VULHUB, id: VHN-417520, date: 2022-05-26T00:00:00
db: CNNVD, id: CNNVD-202205-4199, date: 2022-05-26T00:00:00
db: NVD, id: CVE-2022-26865, date: 2022-05-26T16:15:08.250