ID

VAR-202103-0628


CVE

CVE-2021-21518


TITLE

Uncontrolled search path element vulnerability in multiple Dell SupportAssist Client products

Trust: 0.8

sources: JVNDB: JVNDB-2021-004483

DESCRIPTION

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with SYSTEM privileges. Multiple Dell SupportAssist Client products contain an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Dell SupportAssist Client is a client application from Dell. The program provides automated, proactive and predictive techniques for troubleshooting and more.

Trust: 1.71

sources: NVD: CVE-2021-21518 // JVNDB: JVNDB-2021-004483 // VULHUB: VHN-379922

AFFECTED PRODUCTS

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.4.0

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.2.0

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.3.3

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.0.0

Trust: 1.0

vendor: dell, model: supportassist client promanage, scope: eq, version: 1.0

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.7.0

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.6.0

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.1.0

Trust: 1.0

vendor: デル, model: dell supportassist for business pcs, scope: -, version: -

Trust: 0.8

vendor: デル, model: dell supportassist for home pcs, scope: -, version: -

Trust: 0.8

vendor: デル, model: dell supportassist client promanage, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004483 // NVD: CVE-2021-21518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21518
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2021-21518
value: HIGH

Trust: 1.0

NVD: CVE-2021-21518
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-888
value: HIGH

Trust: 0.6

VULHUB: VHN-379922
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-21518
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-379922
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21518
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-004483
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379922 // JVNDB: JVNDB-2021-004483 // CNNVD: CNNVD-202103-888 // NVD: CVE-2021-21518 // NVD: CVE-2021-21518

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.1

problemtype: Uncontrolled search path elements (CWE-427) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-379922 // JVNDB: JVNDB-2021-004483 // NVD: CVE-2021-21518

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-888

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-888

PATCH

title: DSA-2021-052, url: https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability

Trust: 0.8

title: Dell SupportAssist Client Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144312

Trust: 0.6

sources: JVNDB: JVNDB-2021-004483 // CNNVD: CNNVD-202103-888

EXTERNAL IDS

db: NVD, id: CVE-2021-21518

Trust: 2.5

db: JVNDB, id: JVNDB-2021-004483

Trust: 0.8

db: CNNVD, id: CNNVD-202103-888

Trust: 0.7

db: CNVD, id: CNVD-2022-83203

Trust: 0.1

db: VULHUB, id: VHN-379922

Trust: 0.1

sources: VULHUB: VHN-379922 // JVNDB: JVNDB-2021-004483 // CNNVD: CNNVD-202103-888 // NVD: CVE-2021-21518

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-21518

Trust: 1.4

sources: VULHUB: VHN-379922 // JVNDB: JVNDB-2021-004483 // CNNVD: CNNVD-202103-888 // NVD: CVE-2021-21518

SOURCES

db: VULHUB, id: VHN-379922
db: JVNDB, id: JVNDB-2021-004483
db: CNNVD, id: CNNVD-202103-888
db: NVD, id: CVE-2021-21518

LAST UPDATE DATE

2024-11-23T23:11:07.317000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379922, date: 2021-03-19T00:00:00
db: JVNDB, id: JVNDB-2021-004483, date: 2021-11-22T09:10:00
db: CNNVD, id: CNNVD-202103-888, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2021-21518, date: 2024-11-21T05:48:31.083

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379922, date: 2021-03-12T00:00:00
db: JVNDB, id: JVNDB-2021-004483, date: 2021-11-22T00:00:00
db: CNNVD, id: CNNVD-202103-888, date: 2021-03-12T00:00:00
db: NVD, id: CVE-2021-21518, date: 2021-03-12T20:15:11.420