Vulnerability Details CVE-2021-21518
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability
Products affected by CVE-2021-21518
-
cpe:2.3:a:dell:supportassist_client_promanage:1.0
-
cpe:2.3:a:dell:supportassist_for_business_pcs:2.0.0
-
cpe:2.3:a:dell:supportassist_for_business_pcs:2.1.0
-
cpe:2.3:a:dell:supportassist_for_business_pcs:2.2.0
-
cpe:2.3:a:dell:supportassist_for_home_pcs:3.3.3
-
cpe:2.3:a:dell:supportassist_for_home_pcs:3.4.0
-
cpe:2.3:a:dell:supportassist_for_home_pcs:3.6.0
-
cpe:2.3:a:dell:supportassist_for_home_pcs:3.7.0