
DSA-2023-279: Security Update for Dell SupportAssist for Business PCs Vulnerability

Summary: In Dell SupportAssist for Business PCs with the SupportAssist User Interface available, a locally authenticated user can bypass authentication and exclusively utilize the "Run as Administrator" component on the respective PC to perform driver scans and installations without acquiring any additional administrator privileges. This temporary privilege self-expires after 15 minutes. ...


Impact

Medium

Details

Proprietary Code CVEs: CVE-2023-39249
Description: Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes.
CVSS Base Score: 6.3 (Medium)
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of the specific security vulnerabilities.

Affected Products and Remediation

CVEs Addressed: CVE-2023-39249
Product: SupportAssist for Business PCs
Software/Firmware: Software
Affected Versions: 3.4.0
Remediated Versions: 3.4.1
Link: https://www.dell.com/support/home/en-us/product-support/product/supportassist-business-pcs/


Workarounds and Mitigations

CVE ID: CVE-2023-39249
Workaround and Mitigation: Users need to keep the SupportAssist Business PCs updated to the latest version.

Revision History

Revision: 1.0
Date: 2023-08-08
Description: Initial Release

Affected Products

SupportAssist, SupportAssist for Business PCs
Article Properties
Article Number: 000216574
Article Type: Dell Security Advisory
Last Modified: 08 Aug 2023