CVE-2022-26865
MEDIUM
Dell Support Assist OS Recovery <5.5.2 - Auth Bypass
Title source: llm
Description
Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/en-us/000198780/dsa-2022-102
Scores
CVSS v3
6.8
EPSS
0.0006
EPSS Percentile
18.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
CWE-288
Status
published
Products (1)
dell/supportassist_os_recovery
5.5.1
Published
May 26, 2022
Tracked Since
Feb 18, 2026