Vulnerability Description
Dell SupportAssist for Business PCs version 3.4.0 contains a local authentication bypass vulnerability that allows a locally authenticated non-admin user to obtain temporary elevated privilege within the SupportAssist user interface on their own PC. The "Run as Admin" temporary-privilege feature is intended for IT/system administrators: it lets them perform driver scans and Dell-recommended driver installations without logging the non-admin user out of the local session. The granted privilege is limited to the SupportAssist user interface and expires automatically after 15 minutes, so the exposure is a bounded local privilege escalation within the application rather than a persistent system-wide one.
CVSS Score
6.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | SupportAssist for Home PCs | 3.4.0 |
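The table above lists a single affected version. An inventory check is the first thing a practitioner wants, so the following PowerShell script (an added example, not Dell's code and not part of this advisory) enumerates the standard Windows Uninstall registry keys and flags any SupportAssist entry whose version matches 3.4.0. It assumes that SupportAssist registers an Uninstall entry whose DisplayName contains "SupportAssist" and whose DisplayVersion parses as a dotted version; neither detail is stated on this page.

```powershell
# Added example (not Dell's code): inventory Dell SupportAssist installs on the
# local machine and flag the version this page lists as affected (3.4.0).
# Assumption (not stated on the page): SupportAssist registers under the
# standard Uninstall keys with a DisplayName containing "SupportAssist".

$AffectedVersions = @([version]'3.4.0')   # from the Affected Products table

# Both 64-bit and 32-bit (WOW6432Node) Uninstall hives are checked.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Installs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' -and $_.DisplayVersion } |
    Select-Object DisplayName, DisplayVersion, InstallDate

if (-not $Installs) {
    Write-Output 'No SupportAssist entry found in the Uninstall registry keys.'
    return
}

foreach ($app in $Installs) {
    $ver = $null
    # Unparseable versions are reported rather than silently skipped.
    if (-not [version]::TryParse($app.DisplayVersion, [ref]$ver)) {
        Write-Output ("{0}: unparseable version '{1}', review manually" -f `
            $app.DisplayName, $app.DisplayVersion)
        continue
    }
    # Exact match only: this page lists 3.4.0 and no fixed-version threshold,
    # so no "less than" comparison is assumed here.
    $status = if ($AffectedVersions -contains $ver) {
        'AFFECTED (CVE-2023-39249)'
    } else {
        'not listed as affected on this page'
    }
    Write-Output ("{0} {1}: {2}" -f $app.DisplayName, $ver, $status)
}
```

Reading the HKLM Uninstall keys does not require an elevated session. The script deliberately matches the listed version exactly instead of guessing a "fixed in" threshold; use the vendor advisory in the references for the authoritative fixed version and for the version ranges of any other SupportAssist editions.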
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000216574/security-update-for-dell-supp (Vendor Advisory)
FAQ
What is CVE-2023-39249?
CVE-2023-39249 is a vulnerability with a CVSS base score of 6.3 (MEDIUM). Dell SupportAssist for Business PCs version 3.4.0 contains a local authentication bypass vulnerability that allows a locally authenticated non-admin user to gain temporary elevated privilege within the Support...
How severe is CVE-2023-39249?
CVE-2023-39249 has been rated MEDIUM with a CVSS base score of 6.3/10. This page does not include the full CVSS vector; the privilege is local, limited to the SupportAssist user interface, and expires after 15 minutes, which is consistent with a medium rather than high rating. See the vendor advisory in the references for the complete metrics.
Is there a patch for CVE-2023-39249?
Check the references section above for the Dell vendor advisory and patch information. The affected product listed above is Dell SupportAssist for Home PCs, version 3.4.0, while the vulnerability description names SupportAssist for Business PCs; confirm against the vendor advisory which editions and fixed versions apply to your deployment.