Dell's SupportAssist application gets leveraged by hackers


A recently discovered vulnerability in Dell's SupportAssist software can, if exploited correctly, lead to code execution for unprivileged users. This is known as an uncontrolled search path vulnerability (CVE-2020-5316).


Posted on 2020-02-12 by Peter Bassill in category Penetration Testing.






This vulnerability could allow a low-privileged user to make the SupportAssist binaries load arbitrary code, which then executes with elevated privileges. It was discovered by a CyberArk security researcher.


“A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.”


SupportAssist is software designed by Dell to alert the company to any issues with a customer's hardware or software.


Dell SupportAssist can be patched by updating it, and keeping auto upgrade enabled ensures that future patches are applied as they are released.
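The pattern described above, a privileged binary loading a DLL from a location a low-privileged user can write to, can be hunted for in image-load telemetry. The following is an added example, not code from Dell, CyberArk or the original post. It assumes records with `User`, `Image` and `ImageLoaded` fields modelled on Sysmon image-load (Event ID 7) events, and assumes the listed trusted roots keep their default ACLs. All sample records, vendor names and paths are constructed placeholders.

```python
import ntpath  # Windows path rules, usable on any analysis host

# Assumption: locations standard users cannot write to under default ACLs.
TRUSTED_ROOTS = (
    "c:\\windows\\system32",
    "c:\\windows\\syswow64",
    "c:\\program files",
    "c:\\program files (x86)",
)
PRIVILEGED_USERS = {"nt authority\\system"}


def _norm(path):
    # normpath collapses ".." segments; normcase lowercases and unifies slashes.
    return ntpath.normcase(ntpath.normpath(path))


def is_trusted_location(dll_path):
    folder = ntpath.dirname(_norm(dll_path))
    return any(folder == r or folder.startswith(r + "\\") for r in TRUSTED_ROOTS)


def suspicious_loads(events):
    """Image loads where a privileged process took a DLL from outside TRUSTED_ROOTS."""
    return [
        ev for ev in events
        if ev["User"].lower() in PRIVILEGED_USERS
        and not is_trusted_location(ev["ImageLoaded"])
    ]


# Constructed sample records; vendor, host and file names are placeholders.
AGENT = r"C:\Program Files\ExampleVendor\agent.exe"
SAMPLE_EVENTS = [
    {"User": r"NT AUTHORITY\SYSTEM", "Image": AGENT,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"User": r"NT AUTHORITY\SYSTEM", "Image": AGENT,
     "ImageLoaded": r"C:\ProgramData\ExampleVendor\cache\example.dll"},
    {"User": r"NT AUTHORITY\SYSTEM", "Image": AGENT,
     "ImageLoaded": r"C:\Program Files\..\Users\Public\example.dll"},
    {"User": r"EXAMPLEHOST\alice", "Image": r"C:\Users\alice\tool.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\plugin.dll"},
]

if __name__ == "__main__":
    for ev in suspicious_loads(SAMPLE_EVENTS):
        print(f'{ev["Image"]} loaded {ev["ImageLoaded"]} as {ev["User"]}')
```

Hits are leads for triage rather than verdicts: some legitimate software loads modules from other directories, so the trusted roots and any allow-list need tuning per environment.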


