ID

VAR-202107-0412


CVE

CVE-2020-5316


TITLE

Uncontrolled search path element vulnerability in Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs

Trust: 0.8

sources: JVNDB: JVNDB-2021-010124

DESCRIPTION

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low-privileged user could exploit this vulnerability to cause the SupportAssist binaries to load arbitrary DLLs, resulting in the privileged execution of arbitrary code. The affected system may also be put into a denial-of-service (DoS) state. The program provides automated, proactive and predictive techniques for troubleshooting and more.

Trust: 1.8

sources: NVD: CVE-2020-5316 // JVNDB: JVNDB-2021-010124 // VULHUB: VHN-183441 // VULMON: CVE-2020-5316

AFFECTED PRODUCTS

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.0.2

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.3.1

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.2.3

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.0.2

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.1

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.0.1

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.0

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.1.2

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.0

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.1.1

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.1.3

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.2

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.2.2

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.3

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.2

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.1

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.0.1

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.1.3

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.0.2

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.2.1

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.3.3

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.4

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.0

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.1

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.1.1

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 2.1.2

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.2.2

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.2.1

Trust: 1.0

vendor: dell, model: supportassist for business pcs, scope: eq, version: 2.0.1

Trust: 1.0

vendor: dell, model: supportassist for home pcs, scope: eq, version: 3.3.2

Trust: 1.0

vendor: Dell, model: dell supportassist for business pcs, scope: -, version: -

Trust: 0.8

vendor: Dell, model: dell supportassist for home pcs, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010124 // NVD: CVE-2020-5316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5316
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2020-5316
value: HIGH

Trust: 1.0

NVD: CVE-2020-5316
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202107-1734
value: HIGH

Trust: 0.6

VULHUB: VHN-183441
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5316
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-183441
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5316
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-010124
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183441 // JVNDB: JVNDB-2021-010124 // CNNVD: CNNVD-202107-1734 // NVD: CVE-2020-5316 // NVD: CVE-2020-5316

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.1

problemtype:Uncontrolled search path elements (CWE-427) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-183441 // JVNDB: JVNDB-2021-010124 // NVD: CVE-2020-5316

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1734

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202107-1734

PATCH

title: DSA-2020-005, url: http://www.dell.com/support/article/SLN320101

Trust: 0.8

title: DELL Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157450

Trust: 0.6

title: The Register, url: https://www.theregister.co.uk/2020/02/11/dell_supportassist_flaw/

Trust: 0.2

title: Threatpost, url: https://threatpost.com/dell-patches-supportassist-flaw-that-allows-arbitrary-code-execution/152771/

Trust: 0.1

sources: VULMON: CVE-2020-5316 // JVNDB: JVNDB-2021-010124 // CNNVD: CNNVD-202107-1734

EXTERNAL IDS

db: NVD, id: CVE-2020-5316

Trust: 3.4

db: JVNDB, id: JVNDB-2021-010124

Trust: 0.8

db: CNNVD, id: CNNVD-202107-1734

Trust: 0.7

db: CNVD, id: CNVD-2020-04706

Trust: 0.1

db: VULHUB, id: VHN-183441

Trust: 0.1

db: VULMON, id: CVE-2020-5316

Trust: 0.1

sources: VULHUB: VHN-183441 // VULMON: CVE-2020-5316 // JVNDB: JVNDB-2021-010124 // CNNVD: CNNVD-202107-1734 // NVD: CVE-2020-5316

REFERENCES

url:http://www.dell.com/support/article/sln320101

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-5316

Trust: 1.4

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/dell-patches-supportassist-flaw-that-allows-arbitrary-code-execution/152771/

Trust: 0.1

sources: VULHUB: VHN-183441 // VULMON: CVE-2020-5316 // JVNDB: JVNDB-2021-010124 // CNNVD: CNNVD-202107-1734 // NVD: CVE-2020-5316

SOURCES

db: VULHUB, id: VHN-183441
db: VULMON, id: CVE-2020-5316
db: JVNDB, id: JVNDB-2021-010124
db: CNNVD, id: CNNVD-202107-1734
db: NVD, id: CVE-2020-5316

LAST UPDATE DATE

2024-08-14T15:27:43.758000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183441, date: 2021-08-02T00:00:00
db: VULMON, id: CVE-2020-5316, date: 2021-07-22T00:00:00
db: JVNDB, id: JVNDB-2021-010124, date: 2022-06-22T02:01:00
db: CNNVD, id: CNNVD-202107-1734, date: 2021-08-03T00:00:00
db: NVD, id: CVE-2020-5316, date: 2021-08-02T15:15:46.337

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183441, date: 2021-07-22T00:00:00
db: VULMON, id: CVE-2020-5316, date: 2021-07-22T00:00:00
db: JVNDB, id: JVNDB-2021-010124, date: 2022-06-22T00:00:00
db: CNNVD, id: CNNVD-202107-1734, date: 2021-07-22T00:00:00
db: NVD, id: CVE-2020-5316, date: 2021-07-22T17:15:08.417