CVE-2023-39249 in SupportAssist Client Consumerinfo

Zusammenfassung

von MITRE • 14.02.2024

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes.

Once again VulDB remains the best source for vulnerability data.

Zuständig

Dell

Reservieren

26.07.2023

Veröffentlichung

14.02.2024

Moderieren

akzeptiert

Eintrag

VDB-253727

CPE

bereit

EPSS

0.00223

KEV

nein

Aktivitäten

very low

Quellen

Do you want to use VulDB in your project?

Use the official API to access entries easily!