VYPR

SupportAssist Client Consumer

by Dell

CVEs (15)

  • CVE-2022-29095HigJun 10, 2022
    risk 0.54cvss 8.3epss 0.01

    Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific…

  • CVE-2022-34384HigFeb 11, 2023
    risk 0.51cvss 7.8epss 0.00

    Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore…

  • CVE-2022-29092HigJun 10, 2022
    risk 0.51cvss 7.8epss 0.00

    Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.

  • CVE-2021-36297HigSep 28, 2021
    risk 0.51cvss 7.8epss 0.00

    SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation…

  • CVE-2020-5316HigJul 22, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4…

  • CVE-2021-21518HigMar 12, 2021
    risk 0.51cvss 7.8epss 0.00

    Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user…

  • CVE-2023-25535HigFeb 14, 2024
    risk 0.47cvss 7.2epss 0.00

    Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023…

  • CVE-2023-48670HigDec 22, 2023
    risk 0.47cvss 7.3epss 0.00

    Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the…

  • CVE-2022-29094HigJun 10, 2022
    risk 0.46cvss 7.1epss 0.00

    Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or…

  • CVE-2022-29093HigJun 10, 2022
    risk 0.46cvss 7.1epss 0.00

    Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files…

  • CVE-2021-36286HigSep 28, 2021
    risk 0.46cvss 7.1epss 0.00

    Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user…

  • CVE-2022-34366MedFeb 10, 2023
    risk 0.42cvss 6.5epss 0.01

    Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

  • CVE-2023-39249MedFeb 14, 2024
    risk 0.41cvss 6.3epss 0.00

    Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary…

  • CVE-2022-34386MedFeb 11, 2023
    risk 0.36cvss 5.5epss 0.00

    Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

  • CVE-2022-34385MedFeb 11, 2023
    risk 0.36cvss 5.5epss 0.00

    SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.