Dell Supportassist For Business Pcs

Symlink Follow in Dell SupportAssist <=4.8.2 Home / <=4.5.3 Biz, File Delete
CVE-2025-43991 6.3 - Medium - October 13, 2025

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.

Symlink following

Dell SupportAssist Business PCs <=4.5.3: Incorrect Privilege Assignment (CVE-2025-36612)
CVE-2025-36612 7.8 - High - August 14, 2025

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Incorrect Privilege Assignment

Dell SupportAssist v4.6.3-4.5.3 Local Privilege Escalation Vulnerability
CVE-2025-36613 7.8 - High - August 14, 2025

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Incorrect Privilege Assignment

Dell SupportAssist Symlink Attack Vulnerability in Software Remediation Component
CVE-2024-52535 8.8 - High - December 25, 2024

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

insecure temporary file

Dell SupportAssist Privilege Escalation v3.0v3.14.1 (Windows)
CVE-2023-44283 7.8 - High - February 14, 2024

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Authorization

Info Disclosure in Dell SupportAssist 3.11.4/3.2.0 via Local Low-Priv User
CVE-2022-34388 7.1 - High - February 11, 2023

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.

Cleartext Storage of Sensitive Information

Dell SupportAssist Client Pre-3.11.1 LPE via Advanced Driver Restore
CVE-2022-34384 7.8 - High - February 11, 2023

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

Improper Privilege Management

Dell SupportAssist (v3.11.4/<3.2) Crypto Weakness: Auth Non-Admin Info Leak
CVE-2022-34385 5.5 - Medium - February 11, 2023

SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

Inadequate Encryption Strength

Dell SupportAssist Crypto Weakness (v3.11.4/3.2.0) Auth Non-Admin Info Leak
CVE-2022-34386 5.5 - Medium - February 11, 2023

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

Use of Hard-coded Credentials

Dell SupportAssist Home PC <3.11.4 Priv Escalation
CVE-2022-34387 7.8 - High - February 11, 2023

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.

Exposure of Resource to Wrong Sphere

Dell SupportAssist ScreenMeet API RateLimit Bypass Enables Impersonation
CVE-2022-34389 5.3 - Medium - February 11, 2023

Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.

Improper Restriction of Excessive Authentication Attempts

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability
CVE-2022-29092 7.8 - High - June 10, 2022

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.

DLL preloading

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability
CVE-2022-29093 7.1 - High - June 10, 2022

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.

Directory traversal

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability
CVE-2022-29094 7.1 - High - June 10, 2022

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system.

Directory traversal

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability
CVE-2022-29095 9.6 - Critical - June 10, 2022

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.

XSS

Dell SupportAssist for Business PCs versions 2.0
CVE-2020-5316 7.8 - High - July 22, 2021

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

DLL preloading

Dell SupportAssist Client for Consumer PCs versions 3.7.x
CVE-2021-21518 7.8 - High - March 12, 2021

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

DLL preloading

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
CVE-2019-12280 - June 25, 2019

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2
CVE-2019-3735 7.8 - High - June 20, 2019

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Improper Privilege Management