cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-52535,https://securityvulnerability.io/vulnerability/CVE-2024-52535,Privilege Escalation Vulnerability in Dell SupportAssist Software,"Dell SupportAssist for Home PCs and Business PCs contains a vulnerability related to symbolic link attacks in the software's remediation component. This issue allows low-privileged, authenticated users to exploit the vulnerability, potentially escalating their privileges. Such exploitation may result in unauthorized deletion of files and folders from affected systems, posing significant risks to data integrity. Users are urged to update to the latest versions to mitigate potential threats and enhance security.",Dell,"Supportassist For Home Pcs,Supportassist For Business Pcs",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-12-25T14:41:36.996Z,0
CVE-2024-38305,https://securityvulnerability.io/vulnerability/CVE-2024-38305,Privilege Escalation Vulnerability in Dell SupportAssist Installer Could Lead to Arbitrary Execution,"The Dell SupportAssist for Home PCs Installer exe version 4.0.3 presents a vulnerability that enables local low-privileged authenticated attackers to exploit the installer process. By leveraging this flaw, attackers can potentially execute arbitrary executables on the system with elevated privileges, leading to serious implications for system integrity and user security. Users of affected versions are advised to apply the necessary security updates to mitigate potential risks.",Dell,Supportassist For Home Pcs,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-21T01:54:46.614Z,0
CVE-2023-44283,https://securityvulnerability.io/vulnerability/CVE-2023-44283,Dell SupportAssist Security Concern Affects Locally Authenticated Users,"A security concern has been identified in Dell SupportAssist for Home PCs versions 3.0 to 3.14.1 and for Business PCs versions 3.0 to 3.4.1. This vulnerability affects locally authenticated users, potentially allowing them to escalate privileges and execute arbitrary code within the Windows system context, limited to the specific local PC. It is imperative for users of these affected products to assess their systems and apply necessary updates to mitigate associated risks.",Dell,"Supportassist For Home Pcs,Supportassist For Business Pcs",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-14T07:49:13.074Z,0
CVE-2023-39249,https://securityvulnerability.io/vulnerability/CVE-2023-39249,Dell SupportAssist Local Authentication Bypass Vulnerability Allows Temporary Privilege Elevation,"Dell SupportAssist for Business PCs version 3.4.0 contains a vulnerability that enables locally authenticated non-admin users to gain temporary privileges within the SupportAssist User Interface on their PCs. This issue arises from the feature that permits IT/System Administrators to run driver scans and installations without requiring a logout from the non-admin user session. Though the elevated privileges provide certain enhancements to user experience, they are confined to the SupportAssist User Interface and expire automatically after 15 minutes, which poses potential risks to overall system security and may affect IT management protocols.",Dell,Supportassist Client Consumer,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-14T07:36:06.873Z,0
CVE-2023-25535,https://securityvulnerability.io/vulnerability/CVE-2023-25535,Dell SupportAssist for Home PCs Installer Executable File Vulnerability,"A vulnerability exists in the Dell SupportAssist for Home PCs Installer Executable file used for initial installations prior to version 3.13.2.19. This issue primarily affects users who installed the software before March 8, 2023, creating a vector for local privilege escalation (LPE). Attackers can exploit this vulnerability to gain elevated access to the system, potentially allowing unauthorized actions and compromising the integrity of user data. Ensuring that the latest version is installed is crucial for maintaining system security and safeguarding user information.",Dell,Supportassist Client Consumer,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-14T07:23:39.610Z,0
CVE-2023-48670,https://securityvulnerability.io/vulnerability/CVE-2023-48670,Privilege Escalation Vulnerability in Dell SupportAssist for Home PCs,"Dell SupportAssist for Home PCs versions 3.14.1 and earlier are affected by a privilege escalation flaw in the installer. This vulnerability may allow a local, low-privileged authenticated attacker to exploit the system. By leveraging this vulnerability, attackers can execute arbitrary code with elevated privileges, potentially compromising the entire operating system.",Dell,SupportAssist Client Consumer,7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-12-22T16:15:00.000Z,0
CVE-2022-34392,https://securityvulnerability.io/vulnerability/CVE-2022-34392,Insufficient Session Expiration in SupportAssist for Home PCs by Dell,"SupportAssist for Home PCs versions 3.11.4 and earlier are vulnerable to an insufficient session expiration issue. This vulnerability allows authenticated, non-admin users to exploit session management by obtaining refresh tokens. As a result, these users can reuse access tokens, granting them unauthorized access to sensitive information within the application, thus raising serious security concerns for users.",Dell,Supportassist,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34388,https://securityvulnerability.io/vulnerability/CVE-2022-34388,Information Disclosure Vulnerability in Dell SupportAssist for Home and Business PCs,"Dell SupportAssist for Home PCs and SupportAssist for Business PCs contain a vulnerability that allows a local malicious user with limited privileges to access and potentially alter sensitive information stored within the application's database. This could lead to unauthorized disclosure of user data and compromise system integrity, making it essential for users to ensure they are running the latest versions to mitigate risks.",Dell,Supportassist,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34385,https://securityvulnerability.io/vulnerability/CVE-2022-34385,Cryptographic Weakness in SupportAssist for Home and Business PCs by Dell,"SupportAssist for Home PCs and SupportAssist for Business PCs harbors a cryptographic weakness that allows authenticated non-admin users to potentially exploit this flaw to access sensitive information, posing significant security risks to affected systems.",Dell,Supportassist Client Consumer,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34384,https://securityvulnerability.io/vulnerability/CVE-2022-34384,Local Privilege Escalation in Dell SupportAssist and Related Tools,"The vulnerability affects Dell SupportAssist Client for both consumer and commercial users, as well as Dell Command | Update, Dell Update, and Alienware Update. Local users with malicious intent could exploit this weakness found in the Advanced Driver Restore component, potentially gaining elevated privileges on the affected systems. It is crucial for users and administrators to verify whether they are using one of the impacted versions and to apply the necessary updates to mitigate any potential risks.",Dell,Supportassist Client Consumer,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34386,https://securityvulnerability.io/vulnerability/CVE-2022-34386,Cryptographic Weakness in Dell SupportAssist Products,"Dell SupportAssist, utilized in Home and Business PCs, harbors a cryptographic weakness that can be exploited by authenticated non-admin users. This vulnerability allows potential access to sensitive information, posing significant risks to the privacy and security of user data.",Dell,Supportassist Client Consumer,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34387,https://securityvulnerability.io/vulnerability/CVE-2022-34387,Privilege Escalation in Dell SupportAssist for Home and Business PCs,"Dell SupportAssist for Home and Business PCs suffers from a privilege escalation vulnerability that can be exploited by a local authenticated malicious user. This flaw allows the attacker to elevate their privileges, potentially leading to total system control. Affected versions include SupportAssist for Home PCs up to version 3.11.4 and SupportAssist for Business PCs up to version 3.2.0.",Dell,Supportassist,6.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34389,https://securityvulnerability.io/vulnerability/CVE-2022-34389,Rate Limit Bypass in Dell SupportAssist,"Dell SupportAssist suffers from a rate limit bypass vulnerability in its screenmeet API component. This flaw allows an unauthenticated attacker to impersonate a legitimate customer, potentially leading to unauthorized access to support services provided by Dell. Exploiting this vulnerability could undermine customer trust and facilitate further malicious actions against both customers and the support infrastructure.",Dell,Supportassist,3.7,LOW,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34366,https://securityvulnerability.io/vulnerability/CVE-2022-34366,Overly Permissive Cross-domain Whitelist Vulnerability in Dell SupportAssist,"Dell SupportAssist for Home PCs versions 3.11.2 and earlier are vulnerable to an overly permissive cross-domain whitelist issue. This vulnerability could allow authenticated non-administrative users to exploit the flaw to access sensitive information that should otherwise be protected, potentially compromising system security and privacy.",Dell,Supportassist Client Consumer,6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-02-10T19:18:37.828Z,0
CVE-2022-29093,https://securityvulnerability.io/vulnerability/CVE-2022-29093,Arbitrary File Deletion Vulnerability in Dell SupportAssist Client,"Dell SupportAssist Client, both Consumer and Commercial versions, contain a vulnerability that allows authenticated non-admin users to delete arbitrary files on the system. This can lead to potential data loss and system instability, as unauthorized users may exploit this weakness to remove crucial files. It is essential for users of affected versions to update their software promptly to mitigate the associated risks.",Dell,Supportassist Client Commercial,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-06-10T20:15:00.000Z,0
CVE-2022-29094,https://securityvulnerability.io/vulnerability/CVE-2022-29094,Arbitrary File Deletion and Overwrite Vulnerability in Dell SupportAssist Client,"Dell SupportAssist Client versions 3.10.4 and earlier for consumer use, as well as versions 3.1.1 and earlier for commercial applications, are susceptible to an arbitrary file deletion and overwrite vulnerability. This issue allows authenticated non-administrative users to delete or overwrite arbitrary files on the affected system, thereby posing a significant risk to the security and integrity of user data.",Dell,Supportassist Client Consumer,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-06-10T20:15:00.000Z,0
CVE-2022-29092,https://securityvulnerability.io/vulnerability/CVE-2022-29092,Privilege Escalation Vulnerability in Dell SupportAssist Client,"The Dell SupportAssist Client for Consumer and Commercial users is affected by a vulnerability that allows a non-admin user to escalate their privileges to gain admin access to the system. This issue exists in versions 3.11.0 and earlier for Consumer products, and versions 3.2.0 and earlier for Commercial products, exposing users to potential unauthorized control and administrative capabilities on their machines. It is crucial for users to ensure they are updated to the latest version to mitigate this risk.",Dell,Supportassist Consumer,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-06-10T20:15:00.000Z,0
CVE-2022-29095,https://securityvulnerability.io/vulnerability/CVE-2022-29095,Cross-Site Scripting Vulnerability in Dell SupportAssist Client,"Dell SupportAssist Client, both Consumer and Commercial versions, are impacted by a cross-site scripting vulnerability. An attacker can exploit this flaw to execute malicious scripts on vulnerable systems when specific conditions are met, allowing unauthorized actions and potential system compromise. It is critical for users to update to the latest versions to mitigate this risk.",Dell,Supportassist Consumer,8.3,HIGH,0.0023900000378489494,false,,false,false,false,,,false,false,,2022-06-10T20:15:00.000Z,0
CVE-2021-36286,https://securityvulnerability.io/vulnerability/CVE-2021-36286,Arbitrary File Deletion Vulnerability in Dell SupportAssist Client,"The Dell SupportAssist Client Consumer, versions 3.9.13.0 and earlier, is impacted by a vulnerability that allows non-privileged users to exploit NTFS symbolic links and junction points. This issue arises when the SupportAssist application's functionality to clean files fails to properly differentiate between junction points and physical folders. By leveraging this flaw, an attacker can manipulate the system to delete arbitrary files that typically require administrative access, thus posing a significant risk to system integrity.",Dell,Supportassist Client Consumer,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-09-28T20:15:00.000Z,0
CVE-2021-36297,https://securityvulnerability.io/vulnerability/CVE-2021-36297,Untrusted Search Path Vulnerability in Dell SupportAssist Client,"The SupportAssist Client versions 3.8 and 3.9 from Dell are susceptible to an untrusted search path vulnerability. This issue permits attackers to exploit the system by loading arbitrary .dll files through a process known as .dll planting or hijacking. This tactic requires a separate administrative action, which is not part of the standard installation executed by the SOSInstallerTool.exe. The flaw poses significant security risks, making it essential for users to apply available updates and mitigate potential threats.",Dell,Supportassist Client Consumer,7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2021-09-28T20:15:00.000Z,0
CVE-2020-5316,https://securityvulnerability.io/vulnerability/CVE-2020-5316,,"Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.",Dell,Dell Supportassist Client,7.8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-07-22T17:15:00.000Z,0
CVE-2021-21518,https://securityvulnerability.io/vulnerability/CVE-2021-21518,,"Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.",Dell,Dell Supportassist Client,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-03-12T20:15:00.000Z,0
CVE-2019-3735,https://securityvulnerability.io/vulnerability/CVE-2019-3735,,"Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.",Dell,"Dell Supportassist For Business Pcs,Dell Supportassist For Home Pcs",7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-06-20T22:15:00.000Z,0
CVE-2019-3719,https://securityvulnerability.io/vulnerability/CVE-2019-3719,,"Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.",Dell,Supportassist Client,7.1,HIGH,0.004999999888241291,false,,false,false,true,2019-05-01T04:43:55.000Z,true,false,false,,2019-04-18T20:29:00.000Z,0
CVE-2019-3718,https://securityvulnerability.io/vulnerability/CVE-2019-3718,,Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.,Dell,Supportassist Client,7.6,HIGH,0.0015999999595806003,false,,false,false,false,,,false,false,,2019-04-18T20:29:00.000Z,0