Medium
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
---|---|---|---|
CVE-2023-39249 | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | 6.3 (Medium) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
---|---|---|---|
CVE-2023-39249 | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | 6.3 (Medium) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
---|---|---|---|---|---|
CVE-2023-39249 | SupportAssist for Business PCs | Software | 3.4.0 | 3.4.1 | https://www.dell.com/support/home/en-us/product-support/product/supportassist-business-pcs/ |
CVEs Addressed |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
---|---|---|---|---|---|
CVE-2023-39249 | SupportAssist for Business PCs | Software | 3.4.0 | 3.4.1 | https://www.dell.com/support/home/en-us/product-support/product/supportassist-business-pcs/ |
CVE ID | Workaround and Mitigation |
---|---|
CVE-2023-39249 | Users need to keep the SupportAssist Business PCs updated to the latest version. |
Revision | Date | Description |
---|---|---|
1.0 | 2023-08-08 | Initial Release |