CVE-2024-52535 HIGH

CVE-2024-52535

Vendor Dell
Product SupportAssist for Home PCs
Weakness CWE-61
Published December 25, 2024
Last update December 26, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

Key dates

02Disclosure timeline

December 25, 2024 CVE published
December 26, 2024 Record updated