Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-36297

Опубликовано: 28 сент. 2021
Источник: nvd
CVSS3: 7.8
CVSS3: 7.8
CVSS2: 4.4
EPSS Низкий

Описание

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*
Версия до 3.9.0 (исключая)

EPSS

Процентиль: 17%
0.00053
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-426
CWE-426

Связанные уязвимости

github логотип

GHSA-6wmf-4rwp-j5x8

github
больше 3 лет назад

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,

EPSS

Процентиль: 17%
0.00053
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-426
CWE-426