CVE-2021-36297
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | SupportAssist Client Consumer | 3.8, 3.9 | affected |
Weaknesses
- CWE-426: CWE-426: Untrusted Search Path
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.