CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44283
https://notcve.org/view.php?id=CVE-2023-44283
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. En Dell SupportAssist para PC domésticas (entre v3.0 y v3.14.1) y SupportAssist para PC empresariales (entre v3.0 y v3.4.1), se identificó un problema de seguridad que afecta a los usuarios autenticados localmente en sus respectivas PC. Este problema puede permitir potencialmente la escalada de privilegios y la ejecución de código arbitrario, en el contexto del sistema Windows y limitado a esa PC local específica. • https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34389
https://notcve.org/view.php?id=CVE-2022-34389
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. • https://www.dell.com/support/kbdoc/000204114 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34388
https://notcve.org/view.php?id=CVE-2022-34388
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. • https://www.dell.com/support/kbdoc/000204114 • CWE-312: Cleartext Storage of Sensitive Information CWE-318: Cleartext Storage of Sensitive Information in Executable •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34387
https://notcve.org/view.php?id=CVE-2022-34387
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. • https://www.dell.com/support/kbdoc/000204114 • CWE-377: Insecure Temporary File CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34386
https://notcve.org/view.php?id=CVE-2022-34386
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. • https://www.dell.com/support/kbdoc/000204114 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •