CVE-2022-34392
https://notcve.org/view.php?id=CVE-2022-34392
SupportAssist for Home PCs (versions 3.11.4 and prior) contains an insufficient session expiration vulnerability. An authenticated non-admin user can obtain the refresh token, which leads to reuse of the access token and fetching of sensitive information. • https://www.dell.com/support/kbdoc/000204114 • CWE-613: Insufficient Session Expiration
CVE-2022-34389
https://notcve.org/view.php?id=CVE-2022-34389
Dell SupportAssist contains a rate limit bypass issue in the ScreenMeet API third-party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a Dell support technician. • https://www.dell.com/support/kbdoc/000204114 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2022-34388
https://notcve.org/view.php?id=CVE-2022-34388
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain an information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. • https://www.dell.com/support/kbdoc/000204114 • CWE-312: Cleartext Storage of Sensitive Information • CWE-318: Cleartext Storage of Sensitive Information in Executable
CVE-2022-34387
https://notcve.org/view.php?id=CVE-2022-34387
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. • https://www.dell.com/support/kbdoc/000204114 • CWE-377: Insecure Temporary File • CWE-668: Exposure of Resource to Wrong Sphere
CVE-2022-34386
https://notcve.org/view.php?id=CVE-2022-34386
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. • https://www.dell.com/support/kbdoc/000204114 • CWE-321: Use of Hard-coded Cryptographic Key • CWE-798: Use of Hard-coded Credentials