Pierluigi Paganini February 11, 2020

Dell addresses a flaw in the Dell SupportAssist Client software that could allow local attackers to execute arbitrary code with Administrator privileges.

Dell released a security update to address a vulnerability, tracked as CVE-2020-5316, in its SupportAssist Client software. The flaw could be exploited by local attackers to execute arbitrary code with Administrator privileges on affected systems.

Dell SupportAssist software is described as a tool that proactively checks the health of system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting.

To solve the problems Dell SupportAssist interacts with the Dell Support website and automatically detect Service Tag or Express Service Code of Dell product.

The utility performs hardware diagnostic tests and analyzes the hardware configuration of the system, including installed device drivers, and is able to install missing or available driver updates.

The software leverages a local web service that is protected using the “Access-Control-Allow-Origin” response header and implementing restrictions to accept commands only from the “dell.com” website or its subdomains,

The SupportAssist software is pre-installed on most of all new Dell computers running Windows OS.

“A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. “reads the security advisory published by Dell.

The issue is an uncontrolled search path vulnerability that was reported by the security expert Eran Shimony from Cyberark. The CVE-2020-5316, flaw received a high severity CVSSv3 base score of 7.8.

The vulnerability affects the following Dell versions:

• Dell for business PCs version 2.1.3 or earlier
• Dell for home PCs version 3.4 or earlier.

Dell addresses the issue with the release of Dell SupportAssist for business PCs version 2.1.4, Dell SupportAssist for home PCs version 3.4.1.

Dell users urge to update the Dell SupportAssist software on their systems as soon as possible.

All versions of SupportAssist will automatically install the latest released versions if automatic upgrades are enabled, otherwise the steps for a manual update of the client for home PCs are:

1. Open SupportAssist.
2. On the top-right corner of the SupportAssist window, click the ‘Settings’ icon, and then click ‘About SupportAssist’. SupportAssist will automatically check if a newer version of SupportAssist is available.

• If no update is available, a message indicating that the latest version of SupportAssist is installed are displayed.
• If a newer version of SupportAssist is available, the ‘Update Now’ link is displayed.

1. Upon clicking Update Now, the latest version of SupportAssist is downloaded and installed on the system.

For manual update of SupportAssist for business PCs, please refer to the Dell SupportAssist for business PCs deployment guide for deployment instructions.

In May 2019, the security researcher Bill Demirkapi discovered a critical remote code execution vulnerability (CVE-2019-3719) in the Dell SupportAssist utility that could be exploited by hackers to compromise systems remotely.

Demirkapi discovered that it is possible to bypass the protections implemented by Dell and download and execute malicious code from a remote server under the control of the attackers.

Pierluigi Paganini

(SecurityAffairs – hacking, Dell)

[adrotate banner=”5″]

[adrotate banner=”13″]