Dell is one of the most reputable PC makers in the industry. Even so, a recent report by Eran Shimony of CyberArk describes a high-severity vulnerability affecting every Dell PC that has the SupportAssist feature installed: any low-privileged local user can abuse it to make SupportAssist load an arbitrary DLL of the attacker's choosing.
A useful feature with a vulnerability
Dell SupportAssist is a genuinely useful tool. When installed, it periodically and automatically checks the PC for problems; if it finds any, it reports them to Dell for troubleshooting and returns a fix to the customer. Because it monitors the health of the PC, both software and hardware, the full service is offered only to customers with Premium Support, ProSupport or Premium Support Plus.
Although aimed at premium customers, the software itself ships preinstalled on most Dell PCs, as the maker says, which puts all of those systems at risk if it is not updated. According to Dell, the vulnerable PCs are:
All business PCs with SupportAssist version 2.1.3 or earlier and
All home PCs with SupportAssist version 3.4 or earlier.
Dell has just released patched versions of the feature, 2.1.4 for business PCs and 3.4.1 for home PCs, and recommends that everyone update as soon as possible. Until then, any locally authenticated low-privileged user can exploit the flaw to have the SupportAssist binaries load arbitrary DLLs, which then execute with the privileges of those binaries.
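Deciding whether a given install falls inside Dell's affected range sounds trivial but goes wrong if versions are compared as strings ("3.10" sorts below "3.4", and "3.4" never equals "3.4.1"). The following is an added example, not code from Dell or CyberArk: it compares versions numerically against the fixed builds named above and triages a constructed inventory. The host names, editions and version strings in INVENTORY are made up; in practice they would come from your asset inventory or the installed-programs list on each machine.

```python
# Added example: triage hosts against the CVE-2020-5316 fixed versions.
# Fixed builds are taken from Dell's advisory as quoted in the article above.
FIXED = {
    "business": (2, 1, 4),   # business PCs: 2.1.3 and earlier are affected
    "home": (3, 4, 1),       # home PCs: 3.4 and earlier are affected
}

# Constructed sample inventory (hostname, SupportAssist edition, installed version).
INVENTORY = [
    ("ws-001", "business", "2.1.3"),   # affected
    ("ws-002", "business", "2.1.4"),   # patched
    ("lt-010", "home", "3.4"),         # affected
    ("lt-011", "home", "3.4.1"),       # patched
    ("lt-012", "home", "3.10"),        # hypothetical later build; string compare would misrank it
]


def parse_version(version: str) -> tuple:
    """'3.4.1' -> (3, 4, 1). Integer tuples compare numerically, so '3.10' > '3.4'
    and '3.4' < '3.4.1', which a plain string comparison gets wrong."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(edition: str, version: str) -> bool:
    """True if the installed build is older than the first fixed build for its edition.
    Comparing against the fix (rather than '<= 3.4') also classifies '3.4.0' correctly."""
    if edition not in FIXED:
        raise ValueError(f"unknown SupportAssist edition: {edition!r}")
    return parse_version(version) < FIXED[edition]


def hosts_needing_update(inventory) -> list:
    """Return the host names whose SupportAssist build is still vulnerable."""
    return [host for host, edition, version in inventory if is_affected(edition, version)]


if __name__ == "__main__":
    for host in hosts_needing_update(INVENTORY):
        print(f"{host}: update SupportAssist (CVE-2020-5316)")
```

Note that the check uses "older than the fixed build" rather than "at most the last affected build": that way a version like 3.4.0 (which is still below 3.4.1) is not silently treated as safe.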
The vulnerability has been assigned CVE-2020-5316 and is rated high severity, with a CVSSv3 base score of 7.8. Its abuse is not immediately visible: an adversary who already has a low-privileged foothold exploits the DLL search order to have a privileged SupportAssist process load attacker-controlled code, and can use that to gain further access later.
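To make the "exploiting the DLL search order" part concrete, here is an added example that is not from the CyberArk report or Dell's advisory: a small Python model of the default Windows DLL search order (SafeDllSearchMode on; the 16-bit system directory is omitted) that flags which imports of a program a standard user could hijack. The directory contents, writability flags, the KNOWN_DLLS subset and the import list are constructed sample data; nothing here inspects SupportAssist's real binaries. It generalises the two conditions that make a hijack possible: a DLL that no directory provides at all (a "phantom" DLL, picked up from the first writable directory in the order) and a DLL that exists only in a directory that comes after a writable one.

```python
# Added example: model the default Windows DLL search order and report which
# imports a low-privileged user could hijack by planting a DLL.
from dataclasses import dataclass


@dataclass(frozen=True)
class Dir:
    path: str
    dlls: frozenset          # lower-case file names present in the directory
    low_priv_writable: bool  # can a standard user create files here?


# Constructed subset of HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.
# The loader resolves these from System32 without consulting the search order.
KNOWN_DLLS = frozenset({"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll"})


def search_order(app_dir, system32, windows, cwd, path_dirs):
    """Default order with SafeDllSearchMode enabled (16-bit system dir left out)."""
    return [app_dir, system32, windows, cwd, *path_dirs]


def hijackable_imports(imports, order):
    """Return {dll: directory} for each import a standard user could hijack.

    Walking the order from the front: if a directory already holds the DLL,
    the loader takes it and we stop (safe with respect to search order; a
    writable directory that contains the real DLL is an ACL problem checked
    elsewhere). If instead a low-priv-writable directory comes first, an
    attacker can plant the DLL there and it wins the search."""
    findings = {}
    for dll in (name.lower() for name in imports):
        if dll in KNOWN_DLLS:
            continue
        for d in order:
            if dll in d.dlls:
                break
            if d.low_priv_writable:
                findings[dll] = d.path
                break
    return findings


# Constructed import table of a hypothetical program (names as in its import directory).
IMPORTS = ["KERNEL32.dll", "vendorlib.dll", "VERSION.dll", "helper.dll"]


def scenario(app_dir_writable: bool):
    """Constructed layout: vendorlib.dll ships beside the program, version.dll
    lives in System32, helper.dll is imported but installed nowhere (phantom)."""
    app = Dir(r"C:\Program Files\Vendor\App",
              frozenset({"app.exe", "vendorlib.dll"}), app_dir_writable)
    sys32 = Dir(r"C:\Windows\System32",
                frozenset({"kernel32.dll", "ntdll.dll", "user32.dll", "version.dll"}), False)
    win = Dir(r"C:\Windows", frozenset(), False)
    cwd = Dir(r"C:\Users\alice", frozenset(), True)          # user's own directory
    path_dirs = [Dir(r"C:\Tools", frozenset(), True)]        # a world-writable PATH entry
    return hijackable_imports(IMPORTS, search_order(app, sys32, win, cwd, path_dirs))


if __name__ == "__main__":
    print("locked-down app dir:", scenario(False))   # only the phantom DLL is exposed
    print("writable app dir:   ", scenario(True))    # version.dll is now exposed as well
```

The two scenarios show why both sides of the fix matter: with a properly ACL'd install directory only the phantom helper.dll is exposed (via the current directory), but once the application directory is writable by a standard user, even a DLL that legitimately lives in System32 can be shadowed. The usual hardening is to load DLLs by full path or restrict the search with SetDefaultDllDirectories/LOAD_LIBRARY_SEARCH_SYSTEM32, and to keep the install directory non-writable for ordinary users.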
Dell says the flaw will be patched automatically if the user leaves SupportAssist enabled, since it checks for its own updates. Otherwise, the user can search for the feature manually and update it. Get the patch here: Updated Versions