Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-5316

Опубликовано: 22 июл. 2021
Источник: nvd
CVSS3: 7.8
CVSS2: 4.6
EPSS Низкий

Описание

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:supportassist_for_business_pcs:2.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_business_pcs:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_business_pcs:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_business_pcs:2.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_business_pcs:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_business_pcs:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_business_pcs:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.0:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:dell:supportassist_for_home_pcs:3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 33%
0.00131
Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-427
CWE-427

Связанные уязвимости

github логотип

GHSA-47v2-m4w2-vxpg

github
больше 3 лет назад

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

EPSS

Процентиль: 33%
0.00131
Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-427
CWE-427