CVE-2024-52535
Published: 25 December 2024
Summary
CVE-2024-52535 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Dell Supportassist For Business Pcs. Its CVSS base score is 7.1 (High).
Operationally, ranked in the top 41.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46238
Vulnerability details
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability,…
more
gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.