Article Number: 000216574


DSA-2023-279: Security Update for Dell SupportAssist for Business PCs Vulnerability

Summary: In Dell SupportAssist for Business PCs with the SupportAssist User Interface available, a locally authenticated user can bypass authentication and exclusively utilize the "Run as Administrator" component on the respective PC to perform driver scans and installations without acquiring any additional administrator privileges. This temporary privilege self-expires after 15 minutes. ...

Article content


Impact

Medium

Details

Proprietary Code CVEs: CVE-2023-39249

Description: Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes.

CVSS Base Score: 6.3 (Medium)

CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed: CVE-2023-39249

Product: SupportAssist for Business PCs

Software/Firmware: Software

Affected Versions: 3.4.0

Remediated Versions: 3.4.1

Link: https://www.dell.com/support/home/en-us/product-support/product/supportassist-business-pcs/


Workarounds and Mitigations

CVE ID: CVE-2023-39249

Workaround and Mitigation: Users need to keep the SupportAssist Business PCs updated to the latest version.

Revision History

Revision: 1.0

Date: 2023-08-08

Description: Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties


Affected Product

SupportAssist, SupportAssist for Business PCs

Last Published Date

08 Aug 2023

Version

1

Article Type

Dell Security Advisory