Critical Vulnerability In Dell SupportAssist (Feb. 2020)

Similar articlesCritical Vulnerability in Dell SupportAssist (Feb. 2020)Dell devices: RCE vulnerabilities in SupportAssist ClientDell EMC SupportAssist Enterprise security alertHP Support Assistant: Patch a vulnerability (Sept. 2022)

Critical Vulnerability in Dell SupportAssist (Feb. 2020)

Similar articlesSerious vulnerability in Dell's PC Doctor AssistantCritical Vulnerability in Dell SupportAssist (Feb. 2020)ShadowHammer: ASUS Live Update infected with backdoorWindows 10: Update installs mysterious HP Inc. driverHP Touchpoint Analytics vulnerability put PCs at riskWarning: HP Support Assistant with vulnerabilities

Dell released a security update to address a vulnerability, tracked as CVE-2020-5316, in its SupportAssist Client software. The flaw could be exploited by local attackers to execute arbitrary code with Administrator privileges on affected systems.

In May 2019, the security researcher Bill Demirkapi discovered a critical remote code execution vulnerability (CVE-2019-3719) in the Dell SupportAssist utility that could be exploited by hackers to compromise systems remotely.

Finally, Adobe Experience Manager (AEM), its content management solution for building websites, has an important-level uncontrolled resource consumption vulnerability (CVE-2020-3741) that could result in a denial-of-service condition.

A collection of five flaws, collectively tracked as CVE-2021-21551, have been discovered in DBUtil, a driver from that Dell machines install and load during the BIOS update process and is unloaded at the next reboot... This type of vulnerability is not considered critical because an attacker exploiting it needs to have compromised the computer beforehand. However, it allows threat actors and malware to gain persistence on the infected system....