Dell SupportAssist Security Concern Affects Locally Authenticated Users
CVE-2023-44283

7.8HIGH

Key Information:

Vendor: Dell
Status: Supportassist For Home Pcs; Supportassist For Business Pcs
Vendor: CVE Published:; 14 February 2024

Summary

A security concern has been identified in Dell SupportAssist for Home PCs versions 3.0 to 3.14.1 and for Business PCs versions 3.0 to 3.4.1. This vulnerability affects locally authenticated users, potentially allowing them to escalate privileges and execute arbitrary code within the Windows system context, limited to the specific local PC. It is imperative for users of these affected products to assess their systems and apply necessary updates to mitigate associated risks.

Affected Version(s)

SupportAssist for Business PCs 0 <= 3.4.1

SupportAssist for Home PCs 0 <= 3.14.1

References

https://www.dell.com/support/kbdoc/en-us/000219086/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Sep 28, 2023