CVE-2021-21518

Published: Mar 12, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Affected (8)

Products: Dell: Supportassist Client Promanage, Supportassist For Business Pcs, Supportassist For Home Pcs

Dell

3 products

Supportassist Client Promanage

Supportassist For Business Pcs

Supportassist For Home Pcs

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Dell Supportassist Client Promanage	Version 1.0
Dell Supportassist For Business Pcs	Version 2.0.0
Dell Supportassist For Business Pcs	Version 2.1.0
Dell Supportassist For Business Pcs	Version 2.2.0
Dell Supportassist For Home Pcs	Version 3.3.3
Dell Supportassist For Home Pcs	Version 3.4.0
Dell Supportassist For Home Pcs	Version 3.6.0
Dell Supportassist For Home Pcs	Version 3.7.0

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.