CVE-2021-21518

HIGH

Dell SupportAssist Client - Uncontrolled Search Path Element in Costura Fody Plugin

Title source: llm

Description

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-427

Status published

Products (8)

dell/supportassist_client_promanage 1.0

dell/supportassist_for_business_pcs 2.0.0

dell/supportassist_for_business_pcs 2.1.0

dell/supportassist_for_business_pcs 2.2.0

dell/supportassist_for_home_pcs 3.3.3

dell/supportassist_for_home_pcs 3.4.0

dell/supportassist_for_home_pcs 3.6.0

dell/supportassist_for_home_pcs 3.7.0

Published Mar 12, 2021

Tracked Since Feb 18, 2026