CVE-2020-5343
HIGHDell OS Recovery Image for Windows 10 < 2019-12-20 - Unauthorized Access via Insecure Permissions
Title source: llmDescription
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.
References (1)
Core 1
Core References
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/SLN321036
Scores
CVSS v3
7.3
EPSS
0.0027
EPSS Percentile
18.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-277
CWE-863
Status
published
Products (1)
dell/os_recovery_image_for_microsoft_windows_10
< 2019-12-20
Published
May 04, 2020
Tracked Since
Feb 18, 2026