CVE-2023-25535

Published: Feb 14, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.6 / Impact: 5.9

Source: NVD

Description

Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023

Affected (1)

Products: Dell: Supportassist For Home Pcs

1 product

Supportassist For Home Pcs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Supportassist For Home Pcs	Before 3.13.2.19

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.dell.com/support/kbdoc/en-us/000211410/dell-supportassist-for-home-pcs-security-update-for-installer-executable-file-for-local-privilege-escalation-lpe-vulnerability

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000211410/dell-supportassist-for-home-pcs-security-update-for-installer-executable-file-for-local-privilege-escalation-lpe-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.