Mdanilor

Name of the Vulnerable Software and Affected Versions: Dell SupportAssist OS Recovery versions prior to 5.5.13.1 Description: The issue concerns a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and elevation of privileges. Recommendations: For versions prior to 5.5.13.1, update to version 5.5.13.1 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell SupportAssist for Home PCs versions 4.6.1 and prior Dell SupportAssist for Business PCs versions 4.5.0 and prior **Description** The software remediation component of Dell SupportAssist contains a symbolic link attack vulnerability. A low-privileged authenticated user could exploit this vulnerability, gaining privilege escalation, which could lead to the arbitrary deletion of files and folders from the system. **Recommendations** For Dell SupportAssist for Home PCs versions 4.6.1 and prior, update to a version later than 4.6.1 to resolve the issue. For Dell SupportAssist for Business PCs versions 4.5.0 and prior, update to a version later than 4.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the software remediation component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Dell Inventory Collector Client versions prior to 12.7.0 **Description** The issue concerns an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. **Recommendations** For versions prior to 12.7.0, update to version 12.7.0 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.