Privilege Escalation Vulnerability in Dell SupportAssist for Home PCs
CVE-2023-48670

7.3HIGH

Key Information:

Vendor: Dell
Status: SupportAssist Client Consumer
Vendor: CVE Published:; 22 December 2023

Summary

Dell SupportAssist for Home PCs versions 3.14.1 and earlier are affected by a privilege escalation flaw in the installer. This vulnerability may allow a local, low-privileged authenticated attacker to exploit the system. By leveraging this vulnerability, attackers can execute arbitrary code with elevated privileges, potentially compromising the entire operating system.

Affected Version(s)

SupportAssist Client Consumer 3.14.2.45116

References

https://www.dell.com/support/kbdoc/en-us/000220677/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 22, 2023
Vulnerability Reserved
Nov 17, 2023

Credit

Dell would like to thank Dohyun Lee (@l33d0hyun) for reporting this issue.