NewsSecurity Vulnerabilities

Dell ImageAssist Information Disclosure Vulnerability [CVE-2019-3767]

CVE number – CVE-2019-3767

DSA Identifier: DSA-2019-139

Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.

Resolution:

The following Dell ImageAssist release contains a resolution to the vulnerability:

  • Dell ImageAssist version 8.7.15

Dell recommends all customers upgrade at the earliest opportunity.

IT administrators who created images with Dell ImageAssist prior to 8.7.15 should change any password included in the created image on the deployed systems.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.