DSA-2024-312: Security Update for Dell SupportAssist for Home PCs Installer file Local Privilege Escalation Vulnerability
요약: Dell SupportAssist for Home PCs remediation is available for the SupportAssist Installer file that could be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
High
세부 정보
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-38305 | Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-38305 | Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges. | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
영향을 받는 제품 및 문제 해결
| Product | Software/Firmware | Affected Versions |
Remediated Versions | Link |
|---|---|---|---|---|
| SupportAssist for Home PCs | SupportAssist Installer | 4.0.3 | 4.3.1 | SupportAssist for Home PCs |
| Product | Software/Firmware | Affected Versions |
Remediated Versions | Link |
|---|---|---|---|---|
| SupportAssist for Home PCs | SupportAssist Installer | 4.0.3 | 4.3.1 | SupportAssist for Home PCs |
The fix for SupportAssistInstaller.exe has been deployed to systems in production which remediates new installations and future upgrades for SupportAssist for Home PCs. Customers are not required to take any action and should not uninstall or reinstall SupportAssist for Home PCs that is already on their systems.
The vulnerability does not impact any version of already installed Support Assist for Home PCs because it only affects SupportAssistInstaller.exe.
The vulnerability does not impact any version of already installed Support Assist for Home PCs because it only affects SupportAssistInstaller.exe.
개정 내역
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-08-19 | Initial Publication |
| 2.0 | 2024-08-20 | Updated acknowledgements section |
| 3.0 | 2024-08-20 | Updated acknowledgements section |
| 4.0 | 2024-08-28 | Added additional details for clarity |
감사의 말
Dell would like to thank Shaurya1337 and sahilshah3276 for reporting this issue.
관련 정보
법적 고지 사항
해당 제품
SupportAssist for Home PCs문서 속성
문서 번호: 000227899
문서 유형: Dell Security Advisory
마지막 수정 시간: 29 8월 2024
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.