Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain an information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.

CWE-318: The product stores sensitive information in cleartext in an executable.
https://cwe.mitre.org/data/definitions/318.html

CAPEC-37: An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
https://capec.mitre.org/data/definitions/37.html

CAPEC-65: An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.
https://capec.mitre.org/data/definitions/65.html

| Product | Vendor | Status |
|---|---|---|
| supportassist_for_business_pcs | * | Tracked |
| supportassist_for_home_pcs | * | Tracked |