cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-39249,https://securityvulnerability.io/vulnerability/CVE-2023-39249,Dell SupportAssist Local Authentication Bypass Vulnerability Allows Temporary Privilege Elevation,"Dell SupportAssist for Business PCs version 3.4.0 contains a vulnerability that enables locally authenticated non-admin users to gain temporary privileges within the SupportAssist User Interface on their PCs. This issue arises from the feature that permits IT/System Administrators to run driver scans and installations without requiring a logout from the non-admin user session. Though the elevated privileges provide certain enhancements to user experience, they are confined to the SupportAssist User Interface and expire automatically after 15 minutes, which poses potential risks to overall system security and may affect IT management protocols.",Dell,Supportassist Client Consumer,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-14T07:36:06.873Z,0
CVE-2023-25535,https://securityvulnerability.io/vulnerability/CVE-2023-25535,Dell SupportAssist for Home PCs Installer Executable File Vulnerability,"A vulnerability exists in the Dell SupportAssist for Home PCs Installer Executable file used for initial installations prior to version 3.13.2.19. This issue primarily affects users who installed the software before March 8, 2023, creating a vector for local privilege escalation (LPE). Attackers can exploit this vulnerability to gain elevated access to the system, potentially allowing unauthorized actions and compromising the integrity of user data. Ensuring that the latest version is installed is crucial for maintaining system security and safeguarding user information.",Dell,Supportassist Client Consumer,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-14T07:23:39.610Z,0
CVE-2023-48670,https://securityvulnerability.io/vulnerability/CVE-2023-48670,Privilege Escalation Vulnerability in Dell SupportAssist for Home PCs,"Dell SupportAssist for Home PCs versions 3.14.1 and earlier are affected by a privilege escalation flaw in the installer. This vulnerability may allow a local, low-privileged authenticated attacker to exploit the system. By leveraging this vulnerability, attackers can execute arbitrary code with elevated privileges, potentially compromising the entire operating system.",Dell,SupportAssist Client Consumer,7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-12-22T16:15:00.000Z,0
CVE-2022-34386,https://securityvulnerability.io/vulnerability/CVE-2022-34386,Cryptographic Weakness in Dell SupportAssist Products,"Dell SupportAssist, utilized in Home and Business PCs, harbors a cryptographic weakness that can be exploited by authenticated non-admin users. This vulnerability allows potential access to sensitive information, posing significant risks to the privacy and security of user data.",Dell,Supportassist Client Consumer,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34384,https://securityvulnerability.io/vulnerability/CVE-2022-34384,Local Privilege Escalation in Dell SupportAssist and Related Tools,"The vulnerability affects Dell SupportAssist Client for both consumer and commercial users, as well as Dell Command | Update, Dell Update, and Alienware Update. Local users with malicious intent could exploit this weakness found in the Advanced Driver Restore component, potentially gaining elevated privileges on the affected systems. It is crucial for users and administrators to verify whether they are using one of the impacted versions and to apply the necessary updates to mitigate any potential risks.",Dell,Supportassist Client Consumer,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34385,https://securityvulnerability.io/vulnerability/CVE-2022-34385,Cryptographic Weakness in SupportAssist for Home and Business PCs by Dell,"SupportAssist for Home PCs and SupportAssist for Business PCs harbors a cryptographic weakness that allows authenticated non-admin users to potentially exploit this flaw to access sensitive information, posing significant security risks to affected systems.",Dell,Supportassist Client Consumer,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-11T01:23:00.000Z,0
CVE-2022-34366,https://securityvulnerability.io/vulnerability/CVE-2022-34366,Overly Permissive Cross-domain Whitelist Vulnerability in Dell SupportAssist,"Dell SupportAssist for Home PCs versions 3.11.2 and earlier are vulnerable to an overly permissive cross-domain whitelist issue. This vulnerability could allow authenticated non-administrative users to exploit the flaw to access sensitive information that should otherwise be protected, potentially compromising system security and privacy.",Dell,Supportassist Client Consumer,6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-02-10T19:18:37.828Z,0
CVE-2022-29094,https://securityvulnerability.io/vulnerability/CVE-2022-29094,Arbitrary File Deletion and Overwrite Vulnerability in Dell SupportAssist Client,"Dell SupportAssist Client versions 3.10.4 and earlier for consumer use, as well as versions 3.1.1 and earlier for commercial applications, are susceptible to an arbitrary file deletion and overwrite vulnerability. This issue allows authenticated non-administrative users to delete or overwrite arbitrary files on the affected system, thereby posing a significant risk to the security and integrity of user data.",Dell,Supportassist Client Consumer,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-06-10T20:15:00.000Z,0
CVE-2022-29093,https://securityvulnerability.io/vulnerability/CVE-2022-29093,Arbitrary File Deletion Vulnerability in Dell SupportAssist Client,"Dell SupportAssist Client, both Consumer and Commercial versions, contain a vulnerability that allows authenticated non-admin users to delete arbitrary files on the system. This can lead to potential data loss and system instability, as unauthorized users may exploit this weakness to remove crucial files. It is essential for users of affected versions to update their software promptly to mitigate the associated risks.",Dell,Supportassist Client Commercial,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-06-10T20:15:00.000Z,0
CVE-2021-36286,https://securityvulnerability.io/vulnerability/CVE-2021-36286,Arbitrary File Deletion Vulnerability in Dell SupportAssist Client,"The Dell SupportAssist Client Consumer, versions 3.9.13.0 and earlier, is impacted by a vulnerability that allows non-privileged users to exploit NTFS symbolic links and junction points. This issue arises when the SupportAssist application's functionality to clean files fails to properly differentiate between junction points and physical folders. By leveraging this flaw, an attacker can manipulate the system to delete arbitrary files that typically require administrative access, thus posing a significant risk to system integrity.",Dell,Supportassist Client Consumer,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-09-28T20:15:00.000Z,0
CVE-2021-36297,https://securityvulnerability.io/vulnerability/CVE-2021-36297,Untrusted Search Path Vulnerability in Dell SupportAssist Client,"The SupportAssist Client versions 3.8 and 3.9 from Dell are susceptible to an untrusted search path vulnerability. This issue permits attackers to exploit the system by loading arbitrary .dll files through a process known as .dll planting or hijacking. This tactic requires a separate administrative action, which is not part of the standard installation executed by the SOSInstallerTool.exe. The flaw poses significant security risks, making it essential for users to apply available updates and mitigate potential threats.",Dell,Supportassist Client Consumer,7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2021-09-28T20:15:00.000Z,0
CVE-2020-5316,https://securityvulnerability.io/vulnerability/CVE-2020-5316,,"Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.",Dell,Dell Supportassist Client,7.8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-07-22T17:15:00.000Z,0
CVE-2021-21518,https://securityvulnerability.io/vulnerability/CVE-2021-21518,,"Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.",Dell,Dell Supportassist Client,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-03-12T20:15:00.000Z,0
CVE-2019-3719,https://securityvulnerability.io/vulnerability/CVE-2019-3719,,"Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.",Dell,Supportassist Client,7.1,HIGH,0.004999999888241291,false,,false,false,true,2019-05-01T04:43:55.000Z,true,false,false,,2019-04-18T20:29:00.000Z,0
CVE-2019-3718,https://securityvulnerability.io/vulnerability/CVE-2019-3718,,Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.,Dell,Supportassist Client,7.6,HIGH,0.0015999999595806003,false,,false,false,false,,,false,false,,2019-04-18T20:29:00.000Z,0