CVE Vulnerabilities

CVE-2022-26865

Authentication Bypass Using an Alternate Path or Channel

Published: May 26, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.8
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
Supportassist_os_recovery Dell 5.5.1 (including) 5.5.1 (including)

Potential Mitigations

References