CVE-2022-26865
First published: Thu May 26 2022(Updated: )
Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell SupportAssist | =5.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-26865?
CVE-2022-26865 has been assigned a high severity rating due to the potential for exploitation by an unauthenticated attacker with physical access.
How do I fix CVE-2022-26865?
To fix CVE-2022-26865, users should update Dell SupportAssist OS Recovery to version 5.5.2 or later.
What type of attack can exploit CVE-2022-26865?
CVE-2022-26865 can be exploited by an attacker to bypass OS Recovery authentication and execute arbitrary code as an Administrator.
Who is affected by CVE-2022-26865?
Users of Dell SupportAssist OS Recovery versions prior to 5.5.2 are affected by CVE-2022-26865.
What is the main vulnerability in CVE-2022-26865?
The main vulnerability in CVE-2022-26865 is an authentication bypass that allows unauthorized access to system recovery features.
- agent/weakness
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell supportassist
- version/dell supportassist/5.5.1