CVE-2023-39249

MEDIUM

Dell Supportassist For Home Pcs - Authentication Bypass

Title source: rule

Description

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes.

References (1)

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-us/000216574/security-update-for-dell-supportassist-for-business-pcs-vulnerability

Scores

CVSS v3 6.3

EPSS 0.0001

EPSS Percentile 1.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-280

Status published

Products (1)

dell/supportassist_for_home_pcs 3.4.0

Published Feb 14, 2024

Tracked Since Feb 18, 2026