CVE-2022-34404
https://notcve.org/view.php?id=CVE-2022-34404
Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. • https://www.dell.com/support/kbdoc/000203733 • CWE-295: Improper Certificate Validation •
CVE-2022-34392
https://notcve.org/view.php?id=CVE-2022-34392
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information. • https://www.dell.com/support/kbdoc/000204114 • CWE-613: Insufficient Session Expiration •
CVE-2022-34389
https://notcve.org/view.php?id=CVE-2022-34389
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. • https://www.dell.com/support/kbdoc/000204114 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2022-34388
https://notcve.org/view.php?id=CVE-2022-34388
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. • https://www.dell.com/support/kbdoc/000204114 • CWE-312: Cleartext Storage of Sensitive Information CWE-318: Cleartext Storage of Sensitive Information in Executable •
CVE-2022-34387
https://notcve.org/view.php?id=CVE-2022-34387
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. • https://www.dell.com/support/kbdoc/000204114 • CWE-377: Insecure Temporary File CWE-668: Exposure of Resource to Wrong Sphere •