Dell Supportassist For Home Pcs
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Dell Supportassist For Home Pcs.
By the Year
In 2025 there have been 0 vulnerabilities in Dell Supportassist For Home Pcs. Last year, in 2024 Supportassist For Home Pcs had 5 security vulnerabilities published. Right now, Supportassist For Home Pcs is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 5 | 7.14 |
2023 | 9 | 6.53 |
2022 | 4 | 7.90 |
2021 | 3 | 7.80 |
2020 | 0 | 0.00 |
2019 | 2 | 7.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Supportassist For Home Pcs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dell Supportassist For Home Pcs Security Vulnerabilities
Dell SupportAssist Symlink Attack Vulnerability in Software Remediation Component
CVE-2024-52535
8.8 - High
- December 25, 2024
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.
insecure temporary file
Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer
CVE-2024-38305
7.3 - High
- August 21, 2024
Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges.
Untrusted Path
Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability
CVE-2023-25535
6.5 - Medium
- February 14, 2024
Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023
Improper Privilege Management
Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability
CVE-2023-39249
5.3 - Medium
- February 14, 2024
Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes.
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1)
CVE-2023-44283
7.8 - High
- February 14, 2024
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.
Authorization
Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer
CVE-2023-48670
7.8 - High
- December 22, 2023
Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.
Untrusted Path
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability
CVE-2022-34388
7.1 - High
- February 11, 2023
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.
Cleartext Storage of Sensitive Information
Dell SupportAssist Client Consumer (version 3.11.1 and prior)
CVE-2022-34384
7.8 - High
- February 11, 2023
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.
Improper Privilege Management
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability
CVE-2022-34385
5.5 - Medium
- February 11, 2023
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.
Inadequate Encryption Strength
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability
CVE-2022-34386
5.5 - Medium
- February 11, 2023
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.
Use of Hard-coded Credentials
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability
CVE-2022-34387
7.8 - High
- February 11, 2023
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.
Exposure of Resource to Wrong Sphere
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component
CVE-2022-34389
5.3 - Medium
- February 11, 2023
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.
Improper Restriction of Excessive Authentication Attempts
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability
CVE-2022-34392
5.5 - Medium
- February 11, 2023
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.
Insufficient Session Expiration
Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability
CVE-2022-34366
6.5 - Medium
- February 10, 2023
Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.
Incorrect Comparison
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability
CVE-2022-29092
7.8 - High
- June 10, 2022
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.
DLL preloading
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability
CVE-2022-29093
7.1 - High
- June 10, 2022
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.
Directory traversal
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability
CVE-2022-29094
7.1 - High
- June 10, 2022
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system.
Directory traversal
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability
CVE-2022-29095
9.6 - Critical
- June 10, 2022
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.
XSS
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability
CVE-2021-36297
7.8 - High
- September 28, 2021
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,
Untrusted Path
Dell SupportAssist for Business PCs versions 2.0
CVE-2020-5316
7.8 - High
- July 22, 2021
Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.
DLL preloading
Dell SupportAssist Client for Consumer PCs versions 3.7.x
CVE-2021-21518
7.8 - High
- March 12, 2021
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.
DLL preloading
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
CVE-2019-12280
7.8 - High
- June 25, 2019
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
DLL preloading
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2
CVE-2019-3735
7.8 - High
- June 20, 2019
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.
Improper Privilege Management
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Dell Supportassist For Home Pcs or by Dell? Click the Watch button to subscribe.
