Ga naar hoofdinhoud
Uitloggen

Welkom bij Dell

Mijn account
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen
  • Beheer uw Dell EMC locaties, producten en contactpersonen op productniveau met Company Administration.
Inloggen Een account maken Inloggen bij Premier Aanmelden voor partnerprogramma
Contact

Uw Dell.com-winkelwagentjes

Artikelnummer: 000216574

DSA-2023-279: Security Update for Dell SupportAssist for Business PCs Vulnerability

Samenvatting: In Dell SupportAssist for Business PCs with the SupportAssist User Interface available, a locally authenticated user can bypass authentication and exclusively utilize the "Run as Administrator" component on the respective PC to perform driver scans and installations without acquiring any additional administrator privileges. This temporary privilege self-expires after 15 minutes. ...

Article content

Impact

Medium

Gegevens

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String
CVE-2023-39249 Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. 6.3 (Medium) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String
CVE-2023-39249 Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. 6.3 (Medium) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVEs Addressed

Product

Software/Firmware

Affected Versions

Remediated Versions

Link
 CVE-2023-39249 SupportAssist for Business PCs  Software 3.4.0 3.4.1   https://www.dell.com/support/home/en-us/product-support/product/supportassist-business-pcs/

CVEs Addressed

Product

Software/Firmware

Affected Versions

Remediated Versions

Link
 CVE-2023-39249 SupportAssist for Business PCs  Software 3.4.0 3.4.1   https://www.dell.com/support/home/en-us/product-support/product/supportassist-business-pcs/

Tijdelijke oplossingen en beperkingen

CVE ID Workaround and Mitigation
CVE-2023-39249 Users need to keep the SupportAssist Business PCs updated to the latest version.

Revisiegeschiedenis

 

RevisionDateDescription
1.02023-08-08Initial Release

 

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Juridische informatie

Artikeleigenschappen

Getroffen product

SupportAssist, SupportAssist for Business PCs

Datum laatst gepubliceerd

08 aug. 2023

Versie

1

Artikeltype

Dell Security Advisory

Terug naar boven