4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
27.3%
According to its self-reported version number, the version of Dell SupportAssist Client Consumer is prior to 3.10. It is, therefore, affected by multiple vulnerabilities.
An arbitrary file deletion vulnerability exists due to how Dell SupportAssist handles symbolic links and NTFS junction points. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. (CVE-2021-36286)
An untrusted search path vulnerability exists that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll’s. (CVE-2021-36297)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(153806);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/25");
script_cve_id("CVE-2021-36286", "CVE-2021-36297");
script_xref(name:"IAVA", value:"2021-A-0444-S");
script_name(english:"Dell SupportAssist < 3.10 Multiple Vulnerabilities (DSA-2021-163)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a Dell SupportAssist that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of Dell SupportAssist Client Consumer is prior to 3.10. It
is, therefore, affected by multiple vulnerabilities.
- An arbitrary file deletion vulnerability exists due to how Dell SupportAssist handles symbolic links and
NTFS junction points. Symbolic links can be created by any(non-privileged) user under some object
directories, but by themselves are not sufficient to successfully escalate privileges. However, combining
them with a different object, such as the NTFS junction point allows for the exploitation. Support assist
clean files functionality do not distinguish junction points from the physical folder and proceeds to
clean the target of the junction that allows nonprivileged users to create junction points and delete
arbitrary files on the system which can be accessed only by the admin. (CVE-2021-36286)
- An untrusted search path vulnerability exists that allows attackers to load an arbitrary .dll file via
.dll planting/hijacking, only by a separate administrative action that is not a default part of the
SOSInstallerTool.exe installation for executing arbitrary dll's. (CVE-2021-36297)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://www.dell.com/support/kbdoc/en-us/000191057/dsa-2021-163-dell-supportassist-client-consumer-security-update-for-two-vulnerabilities
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f2c887e5");
script_set_attribute(attribute:"solution", value:
"Update Dell SupportAssist to version 3.10 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-36297");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/28");
script_set_attribute(attribute:"patch_publication_date", value:"2021/09/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:supportassist");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("dell_supportassist_installed.nbin");
script_require_keys("installed_sw/Dell SupportAssist");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'Dell SupportAssist', win_local:TRUE);
var dell_edition = tolower(app_info['Edition']);
if ('business' >< dell_edition)
var constraints = [
{'fixed_version':'3.0.0'}
];
else constraints = [{'fixed_version':'3.10'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
dell | supportassist | cpe:/a:dell:supportassist |
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
27.3%