CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified that impacts locally authenticated users on their respective PCs. This issue may enable privilege escalation and the execution of arbitrary code in the Windows system context, confined to that specific local PC. • https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component • CWE-284: Improper Access Control

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

SupportAssist for Home PCs (versions 3.11.4 and prior) contains an insufficient session expiration vulnerability. An authenticated non-admin user can obtain the refresh token, which leads to reuse of the access token and retrieval of sensitive information. • https://www.dell.com/support/kbdoc/000204114 • CWE-613: Insufficient Session Expiration

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

Dell SupportAssist contains a rate limit bypass issue in the ScreenMeet API third-party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a Dell support technician. • https://www.dell.com/support/kbdoc/000204114 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain an information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. • https://www.dell.com/support/kbdoc/000204114 • CWE-312: Cleartext Storage of Sensitive Information • CWE-318: Cleartext Storage of Sensitive Information in Executable

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. • https://www.dell.com/support/kbdoc/000204114 • CWE-377: Insecure Temporary File • CWE-668: Exposure of Resource to Wrong Sphere