OpenCVE

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Supportassist For Business Pcs Supportassist For Home Pcs

Configuration 1 [-]

OR	cpe:2.3:a:dell:supportassist_for_business_pcs::::::::
	cpe:2.3:a:dell:supportassist_for_home_pcs::::::::

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component

History

Thu, 17 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell supportassist For Business Pcs Dell supportassist For Home Pcs
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:dell:supportassist_for_business_pcs:::::::: cpe:2.3:a:dell:supportassist_for_home_pcs::::::::
Vendors & Products		Dell Dell supportassist For Business Pcs Dell supportassist For Home Pcs

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-02-14T07:49:13.074Z

Updated: 2024-08-14T18:49:25.331Z

Reserved: 2023-09-28T09:25:45.714Z

Link: CVE-2023-44283

Vulnrichment

Updated: 2024-08-02T19:59:51.935Z

NVD

Status : Modified

Published: 2024-02-14T08:15:09.347

Modified: 2024-11-21T08:25:35.120

Link: CVE-2023-44283

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44283", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-09-28T09:25:45.714Z", "datePublished": "2024-02-14T07:49:13.074Z", "dateUpdated": "2024-08-14T18:49:25.331Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SupportAssist for Home PCs", "vendor": "Dell", "versions": [{"lessThanOrEqual": "3.14.1", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "SupportAssist for Business PCs", "vendor": "Dell", "versions": [{"lessThanOrEqual": "3.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-10-31T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.</span>\n\n<br>"}], "value": "\nIn Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-14T07:49:13.074Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.935Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component"}]}, {"affected": [{"vendor": "dell", "product": "supportassist_for_home_pcs", "cpes": ["cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0", "status": "affected", "lessThanOrEqual": "3.14.1", "versionType": "semver"}]}, {"vendor": "dell", "product": "supportassist_for_business_pcs", "cpes": ["cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0", "status": "affected", "lessThanOrEqual": "3.4.1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T18:46:49.835695Z", "id": "CVE-2023-44283", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:49:25.331Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.935Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44283", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-14T18:46:49.835695Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "supportassist_for_home_pcs", "versions": [{"status": "affected", "version": "3.0", "versionType": "semver", "lessThanOrEqual": "3.14.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "supportassist_for_business_pcs", "versions": [{"status": "affected", "version": "3.0", "versionType": "semver", "lessThanOrEqual": "3.4.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:48:46.936Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "SupportAssist for Home PCs", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.14.1"}], "defaultStatus": "unaffected"}, {"vendor": "Dell", "product": "SupportAssist for Business PCs", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.4.1"}], "defaultStatus": "unaffected"}], "datePublic": "2024-10-31T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nIn Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.</span>\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-14T07:49:13.074Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44283", "state": "PUBLISHED", "dateUpdated": "2024-08-14T18:49:25.331Z", "dateReserved": "2023-09-28T09:25:45.714Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-02-14T07:49:13.074Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*", "matchCriteriaId": "C918E3A5-391A-4610-9E3B-F112548E7052", "versionEndExcluding": "3.5.0", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*", "matchCriteriaId": "51CA7F84-29A8-4CBD-B9D5-4CA42BF98D94", "versionEndExcluding": "3.14.2", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nIn Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.\n\n\n"}, {"lang": "es", "value": "En Dell SupportAssist para PC dom\u00e9sticas (entre v3.0 y v3.14.1) y SupportAssist para PC empresariales (entre v3.0 y v3.4.1), se identific\u00f3 un problema de seguridad que afecta a los usuarios autenticados localmente en sus respectivas PC. Este problema puede permitir potencialmente la escalada de privilegios y la ejecuci\u00f3n de c\u00f3digo arbitrario, en el contexto del sistema Windows y limitado a esa PC local espec\u00edfica."}], "id": "CVE-2023-44283", "lastModified": "2024-11-21T08:25:35.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-14T08:15:09.347", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}