Dell released a security update to address a vulnerability, tracked as CVE-2020-5316, in its
Dell SupportAssist software is described as a tool that proactively checks the health of system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting.
To solve the problems Dell SupportAssist interacts with the Dell Support website and automatically detect Service Tag or Express Service Code of Dell product.
The utility performs hardware diagnostic tests and analyzes the hardware configuration of the system, including installed device drivers, and is able to install missing or available driver updates.
The software leverages a local web service that is protected using the “Access-Control-Allow-Origin” response header and implementing restrictions to accept commands only from the “dell.com” website or its subdomains,
“A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the
The vulnerability affects the following Dell versions:
• Dell for business PCs version 2.1.3 or earlier
• Dell for home PCs version 3.4 or earlier.
Dell addresses the issue with the release of Dell
All versions of SupportAssist will automatically install the latest released versions if automatic upgrades are enabled, otherwise the steps for a manual update of the client for home PCs are:
In May 2019, the security researcher Bill Demirkapi discovered a critical remote code execution vulnerability (CVE-2019-3719) in the Dell SupportAssist utility that could be exploited by hackers to compromise systems remotely.
(SecurityAffairs – hacking, Dell)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.