CVE-2024-52535: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

CVE-2024-52535 is a symbolic link (symlink) attack vulnerability discovered in Dell SupportAssist software, affecting both Home PCs (versions 4.6.1 and prior) and Business PCs (versions 4.5.0 and prior). The vulnerability was disclosed on December 25, 2024, and resides in the software remediation component (NVD, Dell Advisory).

The vulnerability has been assigned a CVSS Base Score of 7.1 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. This indicates that the vulnerability requires local access but is relatively low in complexity. The vulnerability is classified under CWE-61 (UNIX Symbolic Link Following) and CWE-59 (Improper Link Resolution Before File Access) (NVD).

The exploitation of this vulnerability could lead to privilege escalation, enabling attackers to perform arbitrary deletion of files and folders from the system. The impact is particularly severe as it allows low-privileged authenticated users to gain elevated privileges and potentially compromise system integrity (Cybersecurity News, NVD).

Dell has released security updates to address this vulnerability. Users of SupportAssist for Home PCs should update to version 4.6.2 or later, while Business PC users should upgrade to version 4.5.1 or later. These updates are available through Dell's official support channels (ASEC, Dell Advisory).