CVE-2021-21518
Last modified
CVE-2021-21518 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Supportassist Client Promanage | 1.0 |
| Dell | Supportassist For Business Pcs | 2.0.0 |
| Dell | Supportassist For Business Pcs | 2.1.0 |
| Dell | Supportassist For Business Pcs | 2.2.0 |
| Dell | Supportassist For Home Pcs | 3.3.3 |
| Dell | Supportassist For Home Pcs | 3.4.0 |
| Dell | Supportassist For Home Pcs | 3.6.0 |
| Dell | Supportassist For Home Pcs | 3.7.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-21518?
How severe is CVE-2021-21518?
How do I fix CVE-2021-21518?
Are you affected by CVE-2021-21518?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST