CVE-2020-5343
04.05.2020, 19:15
Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | os_recovery_image_for_microsoft_windows_10 | 𝑥 < 2019-12-20 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-277 - Insecure Inherited PermissionsA product defines a set of insecure permissions that are inherited by objects that are created by the program.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.