CVE-2020-5316
HIGHDell SupportAssist for Business PCs 2.0-2.1.3 and Home PCs 2.0-3.4 - Uncontrolled Search Path Element
Title source: llmDescription
Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
http://www.dell.com/support/article/SLN320101
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
32.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (30)
dell/supportassist_for_business_pcs
2.0
dell/supportassist_for_business_pcs
2.0.1
dell/supportassist_for_business_pcs
2.0.2
dell/supportassist_for_business_pcs
2.1
dell/supportassist_for_business_pcs
2.1.1
dell/supportassist_for_business_pcs
2.1.2
dell/supportassist_for_business_pcs
2.1.3
dell/supportassist_for_home_pcs
2.0
dell/supportassist_for_home_pcs
2.0.1
dell/supportassist_for_home_pcs
2.0.2
... and 20 more
Published
Jul 22, 2021
Tracked Since
Feb 18, 2026