CVE-2023-44283

2024-02-1407:49:13

CWE-284

dell

www.cve.org

dell

supportassist

security concern

home pcs

business pcs

privilege escalation

arbitrary code

windows system context

locally authenticated users

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SupportAssist for Home PCs",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "3.14.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SupportAssist for Business PCs",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "3.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component