CVE-2021-36297: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking. The vulnerability was discovered in September 2021 and assigned CVE-2021-36297 with a CVSS score of 7.8 (Dell Security, NVD).

The vulnerability exists in the SOSInstallerTool.exe component and requires a separate administrative action that is not a default part of the installation process. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access is required with low attack complexity and privileges required (Dell Security).

Successful exploitation of this vulnerability could allow attackers to execute arbitrary code with elevated privileges, potentially leading to complete system compromise. The high CVSS score of 7.8 reflects the severe potential impact on system confidentiality, integrity, and availability (Dell Security).

Dell has released updated versions to address this vulnerability. Users of Dell SupportAssist for Home PCs running version 3.8 and earlier should upgrade to version 3.9 or later (Dell Security).