Privilege Escalation Vulnerability in Dell SupportAssist Installer Could Lead to Arbitrary Execution
CVE-2024-38305
7.3 HIGH
Summary
The Dell SupportAssist for Home PCs installer executable, version 4.0.3, contains a privilege escalation vulnerability. A local, low-privileged, authenticated attacker could exploit the installer process to run arbitrary executables on the system with elevated privileges, compromising system integrity and user security. Users of affected versions are advised to apply the necessary security updates to mitigate potential risks.
Affected Version(s)
SupportAssist for Home PCs 4.0.3
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dell would like to thank Shaurya1337 and sahilshah3276 for reporting this issue.