CVE number – CVE-2019-3767
DSA Identifier: DSA-2019-139
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.
The following Dell ImageAssist release contains a resolution to the vulnerability:
- Dell ImageAssist version 8.7.15
Dell recommends all customers upgrade at the earliest opportunity.
IT administrators who created images with Dell ImageAssist prior to 8.7.15 should change any password included in the created image on the deployed systems.