Improper Privilege Management in Dell SupportAssist for Business and Home PCs
CVE-2019-3735

7HIGH

Key Information:

Vendor: Dell
Status: Dell Supportassist For Business Pcs; Dell Supportassist For Home Pcs
Vendor: CVE Published:; 20 June 2019

Summary

Dell SupportAssist for Business and Home PCs contains an improper privilege management vulnerability. This allows a malicious local user to exploit the system by inheriting a system thread via a leaked thread handle. By doing so, the attacker can gain elevated system privileges, potentially compromising system security and data integrity.

Affected Version(s)

Dell SupportAssist for Business PCs 2.0

Dell SupportAssist for Home PCs 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1

References

http://www.dell.com/support/article/sln317453

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2019
Vulnerability Reserved
Jan 3, 2019

Credit

Dell would like to thank Bill Demirkapi for reporting this vulnerability.