Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes.
References
Link | Resource |
---|---|
https://www.dell.com/support/kbdoc/en-us/000216574/security-update-for-dell-supportassist-for-business-pcs-vulnerability | Vendor Advisory |
Configurations
History
17 Oct 2024, 14:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dell:supportassist_for_home_pcs:3.4.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
Summary |
|
|
First Time |
Dell
Dell supportassist For Home Pcs |
|
CWE | NVD-CWE-Other | |
References | () https://www.dell.com/support/kbdoc/en-us/000216574/security-update-for-dell-supportassist-for-business-pcs-vulnerability - Vendor Advisory |
14 Feb 2024, 13:59
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-14 08:15
Updated : 2024-10-17 14:27
NVD link : CVE-2023-39249
Mitre link : CVE-2023-39249
CVE.ORG link : CVE-2023-39249
JSON object : View
Products Affected
dell
- supportassist_for_home_pcs
CWE