High
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2021-36286 |
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions before 3.9.13.0 contain an arbitrary file deletion vulnerability that may be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links may be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for exploitation. SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction that may allow nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. |
7.1 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-36297 |
SupportAssist Client version 3.8 contains an untrusted search path vulnerability that may allow attackers to load an arbitrary .dll file using .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dlls. |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2021-36286 |
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions before 3.9.13.0 contain an arbitrary file deletion vulnerability that may be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links may be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for exploitation. SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction that may allow nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. |
7.1 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-36297 |
SupportAssist Client version 3.8 contains an untrusted search path vulnerability that may allow attackers to load an arbitrary .dll file using .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dlls. |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
|
Dell would like to thank Ammarit Thongthua, Chayanin Khawsanit, and Krischat Thataristorai (Secure D Research Team) for reporting CVE-2021-36286.