Dell ImageAssist Information Disclosure Vulnerability [CVE-2019-3767]
CVE number – CVE-2019-3767
DSA Identifier: DSA-2019-139
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.
Resolution:
The following Dell ImageAssist release contains a resolution to the vulnerability:
- Dell ImageAssist version 8.7.15
Dell recommends all customers upgrade at the earliest opportunity.
IT administrators who created images with Dell ImageAssist prior to 8.7.15 should change any password included in the created image on the deployed systems.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.