Dell SupportAssist for Home PCs Installer Executable File Vulnerability
CVE-2023-25535

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Supportassist Client Consumer
Vendor: CVE Published:; 14 February 2024

Summary

A vulnerability exists in the Dell SupportAssist for Home PCs Installer Executable file used for initial installations prior to version 3.13.2.19. This issue primarily affects users who installed the software before March 8, 2023, creating a vector for local privilege escalation (LPE). Attackers can exploit this vulnerability to gain elevated access to the system, potentially allowing unauthorized actions and compromising the integrity of user data. Ensuring that the latest version is installed is crucial for maintaining system security and safeguarding user information.

Affected Version(s)

SupportAssist Client Consumer 0 < 3.13.2.19

References

https://www.dell.com/support/kbdoc/en-us/000211410/dell-s...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Feb 7, 2023

Credit

JaeHeng Yoon