Dell SupportAssist Local Authentication Bypass Vulnerability Allows Temporary Privilege Elevation
CVE-2023-39249
5.3MEDIUM
What is CVE-2023-39249?
Dell SupportAssist for Business PCs version 3.4.0 contains a vulnerability that enables locally authenticated non-admin users to gain temporary privileges within the SupportAssist User Interface on their PCs. This issue arises from the feature that permits IT/System Administrators to run driver scans and installations without requiring a logout from the non-admin user session. Though the elevated privileges provide certain enhancements to user experience, they are confined to the SupportAssist User Interface and expire automatically after 15 minutes, which poses potential risks to overall system security and may affect IT management protocols.
Affected Version(s)
SupportAssist Client Consumer 3.4.0