CVE-2021-36286

Name of the Vulnerable Software and Affected Versions Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0

Description The issue concerns an arbitrary file deletion vulnerability that can be exploited using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any non-privileged user under some object directories. However, combining them with a different object, such as the NTFS junction point, allows for the exploitation. The SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction, allowing non-privileged users to create junction points and delete arbitrary files on the system that can be accessed only by the admin.

Recommendations For Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0, consider disabling the clean files functionality until a patch is available to prevent non-privileged users from deleting arbitrary files on the system. Restrict access to the NTFS junction point to minimize the risk of exploitation. Avoid using the SupportAssist clean files functionality in environments where non-privileged users have access to the system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.