Lucene search

DellVULNRICHMENT:CVE-2023-25535

HistoryFeb 14, 2024 - 7:23 a.m.

CVE-2023-25535

2024-02-1407:23:39

CWE-269

dell

github.com

dell supportassist

installer

vulnerability

high risk

local privilege escalation

lpe

first-time installation

8th march 2023

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dell:supportassist_client_consumer:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "supportassist_client_consumer",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.13.2.19",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.dell.com/support/kbdoc/en-us/000211410/dell-supportassist-for-home-pcs-security-update-for-installer-executable-file-for-local-privilege-escalation-lpe-vulnerability

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-25535