PT-2024-35363 · Dell · Dell SupportAssist for Business PCs, Dell SupportAssist for Home PCs
Mdanilor · Published 2024-12-25 · Updated 2024-12-30 · CVE-2024-52535
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dell SupportAssist for Home PCs versions 4.6.1 and prior
Dell SupportAssist for Business PCs versions 4.5.0 and prior
Description
The software remediation component of Dell SupportAssist contains a symbolic link attack vulnerability. A low-privileged authenticated user could exploit this vulnerability to escalate privileges, which could lead to the arbitrary deletion of files and folders from the system.
Recommendations
For Dell SupportAssist for Home PCs versions 4.6.1 and prior, update to a version later than 4.6.1 to resolve the issue.
For Dell SupportAssist for Business PCs versions 4.5.0 and prior, update to a version later than 4.5.0 to resolve the issue.
As a temporary workaround, consider restricting access to the software remediation component until a patch is available.
Fix
Link Following
Related Identifiers
Affected Products
Dell SupportAssist for Business PCs
Dell SupportAssist for Home PCs