Dell SupportAssist-ing Hackers

Posted by Michael on 12/02/2020

A recently discovered vulnerability in Dell’s SupportAssist software can, if exploited correctly, lead to code execution for unprivileged users. It is classed as an uncontrolled search path vulnerability (CVE-2020-5316).
This vulnerability could allow a low-privileged user to cause the SupportAssist binaries to load arbitrary code, which results in privileged execution of that code. The vulnerability was discovered by a CyberArk security researcher.
“A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.”
SupportAssist is software designed by Dell to alert the company to any issues with a customer’s hardware or software.
Dell SupportAssist can be patched by updating it, and keeping auto upgrade enabled keeps it up to date with any patches that are due.
