CVE-2020-5316

Name of the Vulnerable Software and Affected Versions Dell SupportAssist for Business PCs versions 2.0 through 2.1.3 Dell SupportAssist for Home PCs versions 2.0 through 3.4

Description The issue is related to an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Recommendations For Dell SupportAssist for Business PCs versions 2.0 through 2.1.3, update to a version that contains a fix for this vulnerability. For Dell SupportAssist for Home PCs versions 2.0 through 3.4, update to a version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the SupportAssist binaries to minimize the risk of exploitation.