← back
CVE-2022-26865

CVE-2022-26865

CVSS 6.8 MEDIUMEPSS 0.3%CWE-288
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 May 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Dell · Dell OS Recovery Tool

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.dell.com/support/kbdoc/en-us/000198780/dsa-2022-102