DSA-2024-312: Security Update for Dell SupportAssist for Home PCs Installer file Local Privilege Escalation Vulnerability
Summary: Dell SupportAssist for Home PCs remediation is available for the SupportAssist Installer file that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-38305 | Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-38305 | Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products & Remediation
| Product | Software/Firmware | Affected Versions |
Remediated Versions | Link |
|---|---|---|---|---|
| SupportAssist for Home PCs | SupportAssist Installer | 4.0.3 | 4.3.1 | SupportAssist for Home PCs |
| Product | Software/Firmware | Affected Versions |
Remediated Versions | Link |
|---|---|---|---|---|
| SupportAssist for Home PCs | SupportAssist Installer | 4.0.3 | 4.3.1 | SupportAssist for Home PCs |
The fix for SupportAssistInstaller.exe has been deployed to systems in production which remediates new installations and future upgrades for SupportAssist for Home PCs. Customers are not required to take any action and should not uninstall or reinstall SupportAssist for Home PCs that is already on their systems.
The vulnerability does not impact any version of already installed Support Assist for Home PCs because it only affects SupportAssistInstaller.exe.
The vulnerability does not impact any version of already installed Support Assist for Home PCs because it only affects SupportAssistInstaller.exe.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-08-19 | Initial Publication |
| 2.0 | 2024-08-20 | Updated acknowledgements section |
| 3.0 | 2024-08-20 | Updated acknowledgements section |
| 4.0 | 2024-08-28 | Added additional details for clarity |
Acknowledgements
Dell would like to thank Shaurya1337 and sahilshah3276 for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
SupportAssist for Home PCsArticle Properties
Article Number: 000227899
Article Type: Dell Security Advisory
Last Modified: 29 Aug 2024
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.