7.8
CVE-2021-21518
- EPSS 0.04%
- Published 12.03.2021 20:15:11
- Last modified 21.11.2024 05:48:31
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.
Data is provided by the National Vulnerability Database (NVD)
Dell ≫ Supportassist Client Promanage Version1.0
Dell ≫ Supportassist For Business Pcs Version2.0.0
Dell ≫ Supportassist For Business Pcs Version2.1.0
Dell ≫ Supportassist For Business Pcs Version2.2.0
Dell ≫ Supportassist For Home Pcs Version3.3.3
Dell ≫ Supportassist For Home Pcs Version3.4.0
Dell ≫ Supportassist For Home Pcs Version3.6.0
Dell ≫ Supportassist For Home Pcs Version3.7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.076 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| security_alert@emc.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.