CVE-2021-36286: DSA-2021-163: Dell SupportAssist for Home PCs and Business PCs security update for multiple vulnerabilities

Vaikutus

High

Tiedot

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2021-36286

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions before 3.9.13.0 contain an arbitrary file deletion vulnerability that may be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links may be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for exploitation. SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction that may allow nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.

7.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2021-36297

SupportAssist Client version 3.8 contains an untrusted search path vulnerability that may allow attackers to load an arbitrary .dll file using .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dlls.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2021-36286

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions before 3.9.13.0 contain an arbitrary file deletion vulnerability that may be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links may be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for exploitation. SupportAssist clean files functionality does not distinguish junction points from the physical folder and proceeds to clean the target of the junction that may allow nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.

7.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2021-36297

SupportAssist Client version 3.8 contains an untrusted search path vulnerability that may allow attackers to load an arbitrary .dll file using .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dlls.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Kiitokset

Dell would like to thank Ammarit Thongthua, Chayanin Khawsanit, and Krischat Thataristorai (Secure D Research Team) for reporting CVE-2021-36286.

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

SupportAssist, SupportAssist for Home PCs, Product Security Information, SupportAssist for Business PCs

10 marrask. 2021