DSA-2023-401: Security Update for Dell SupportAssist for Home PCs and Dell SupportAssist for Business PCs user interface component.
Summary: Dell SupportAssist for Home and Business PCs, remediation for a user interface component is available to address a security vulnerability that could be exploited by malicious user to compromise the affected system. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-44283 | In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-44283 | In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| SupportAssist for Home PCs | 3.14.1 and prior | 3.14.2 | SupportAssist for Home PCs |
| SupportAssist for Business PCs | 3.4.1 and prior | 3.5.0 | SupportAssist for Business PCs |
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| SupportAssist for Home PCs | 3.14.1 and prior | 3.14.2 | SupportAssist for Home PCs |
| SupportAssist for Business PCs | 3.4.1 and prior | 3.5.0 | SupportAssist for Business PCs |
In specific versions of Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between 3.0 and v3.4.1), a local security vulnerability related to privilege escalation has been discovered, impacting locally authenticated users restricted to that specific PC.
Note: The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Note: The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds & Mitigations
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-44283 | Users need to keep the SupportAssist for Home PCs and SupportAssist for Business PCs updated to the latest version. |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-10-31 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
SupportAssist, SupportAssist for Home PCs, SupportAssist for Business PCsArticle Properties
Article Number: 000219086
Article Type: Dell Security Advisory
Last Modified: 31 Oct 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.