CVE-2021-21518
First published: Wed Mar 10 2021(Updated: )
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell SupportAssist Client ProManage | =1.0 | |
| Dell SupportAssist for Business PCs | =2.0.0 | |
| Dell SupportAssist for Business PCs | =2.1.0 | |
| Dell SupportAssist for Business PCs | =2.2.0 | |
| Dell SupportAssist for Home PCs | =3.3.3 | |
| Dell SupportAssist for Home PCs | =3.4.0 | |
| Dell SupportAssist for Home PCs | =3.6.0 | |
| Dell SupportAssist for Home PCs | =3.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-21518 vulnerability?
CVE-2021-21518 is a DLL injection vulnerability in Dell SupportAssist Client for Consumer and Business PCs.
What is the severity of CVE-2021-21518?
The severity of CVE-2021-21518 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2021-21518?
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x and Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x are affected by CVE-2021-21518.
How can a local user exploit CVE-2021-21518?
A local user with low privileges could exploit CVE-2021-21518 by injecting malicious DLL files into the affected applications.
Is there a security update available for CVE-2021-21518?
Yes, Dell has released a security update to address the CVE-2021-21518 vulnerability. Please refer to the Dell support website for more information.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell supportassist client promanage
- version/dell supportassist client promanage/1.0
- canonical/dell supportassist for business pcs
- version/dell supportassist for business pcs/2.0.0
- version/dell supportassist for business pcs/2.1.0
- version/dell supportassist for business pcs/2.2.0
- canonical/dell supportassist for home pcs
- version/dell supportassist for home pcs/3.3.3
- version/dell supportassist for home pcs/3.4.0
- version/dell supportassist for home pcs/3.6.0
- version/dell supportassist for home pcs/3.7.0