Home and business PCs exposed by a vulnerability in Dell SupportAssist

Millions of Dell computers, both business and home PCs, are exposed to a vulnerability in Dell SupportAssist software.

Dell SupportAssist, a monitoring tool preinstalled on Dell devices, has a reported high-severity vulnerability that affects home and business PCs. It allows users to execute arbitrary code with higher privileges on an affected device. A low-privileged user can exploit this vulnerability to cause the SupportAssist binaries to load arbitrary DLLs.

This vulnerability occurs when an application uses a directory search path to locate resources, but the path contains a directory that an attacker can alter. This lets the attacker escalate privileges from low to administrator, resulting in the privileged execution of arbitrary code.
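The weakness described above comes down to a search-path directory that a low-privileged account can write to. The PowerShell below is an added example, not Dell's code or part of the original advisory; it assumes the machine-wide PATH is the search path to audit (the page does not name the directory involved in CVE-2020-5316) and reports entries where standard-user groups can create files or change the ACL.

```powershell
# Added example (not Dell's code). Reports machine-PATH directories where a
# standard-user group may create files or rewrite the ACL.
# Assumption: the machine-wide PATH is the search path being audited.

# Well-known SIDs, so the check also works on non-English Windows installs.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# AddFile 0x2, AddSubdirectory 0x4, WRITE_DAC 0x40000, WRITE_OWNER 0x80000,
# plus the raw GENERIC_WRITE / GENERIC_ALL bits that some ACEs carry unmapped.
$riskyMask = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

$dirs = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Select-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # Not present: report it so the stale PATH entry can be removed.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Rights = 'MISSING DIRECTORY' }
        continue
    }
    try   { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL of ${dir}: $_"; continue }

    # Ask for SIDs instead of names; include explicit and inherited ACEs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow')                  { continue }
        if (-not $lowPriv.ContainsKey($sid))                     { continue }
        if ($ace.PropagationFlags.HasFlag($inheritOnly))         { continue }  # applies to children only
        if (([int]$ace.FileSystemRights -band $riskyMask) -eq 0) { continue }
        [pscustomobject]@{ Directory = $dir; Principal = $lowPriv[$sid]; Rights = $ace.FileSystemRights }
    }
}
```

An empty result means none of the listed groups holds a write-type right directly on a machine PATH directory; it does not cover per-user PATH entries or an application's own install directory.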

Dell SupportAssist actively checks system hardware and software; in case of an issue, it notifies Dell for troubleshooting.

According to Dell, the flaw is in Dell SupportAssist for business PCs 2.1.3 or older and home PCs 3.4 or older.

The vulnerability is tracked as CVE-2020-5316 and received a CVSS base score of 7.8.

Affected Versions

  • Dell SupportAssist for business PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3
  • Dell SupportAssist for home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4

Patched versions released by Dell

  • Dell SupportAssist for business PCs version 2.1.4
  • Dell SupportAssist for home PCs version 3.4.1