CVE-2022-29092

7.8 HIGH

📋 TL;DR

Dell SupportAssist contains a privilege escalation vulnerability where non-admin users can gain admin access to the system. This affects both Consumer and Commercial versions of the software on Windows systems. Attackers with local access can exploit this to elevate privileges.

💻 Affected Systems

Products:
  • Dell SupportAssist Client Consumer
  • Dell SupportAssist Client Commercial
Versions: Consumer versions 3.11.0 and prior, Commercial versions 3.2.0 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both home and business versions of Dell SupportAssist. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with administrative privileges, allowing installation of malware, data theft, persistence mechanisms, and lateral movement across the network.

🟠 Likely Case: Local privilege escalation leading to administrative control over the affected system, enabling further malicious activities.

🟢 If Mitigated: Limited impact if proper access controls and monitoring are in place, though privilege escalation remains possible.

🌐 Internet-Facing: LOW (requires local access to exploit)
🏢 Internal Only: HIGH (any authenticated user on affected systems can potentially gain admin privileges)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access but exploitation is straightforward once access is obtained. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Consumer version 3.11.1 or later, Commercial version 3.2.1 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities

Restart Required: Yes

Instructions:

1. Open Dell SupportAssist.
2. Check for updates in settings.
3. Install available updates.
4. Restart the system.

Alternatively, download the latest version from Dell's website.

🔧 Temporary Workarounds

Uninstall SupportAssist (platform: windows)

Remove the vulnerable software entirely if it is not needed:

Control Panel > Programs > Uninstall a program > Select Dell SupportAssist > Uninstall

Restrict Local Access (platform: all)

Limit physical and remote access to vulnerable systems.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to affected systems
  • Monitor for privilege escalation attempts and unusual administrative activity

🔍 How to Verify

Check if Vulnerable:

Check SupportAssist version: Open SupportAssist > Settings > About. Compare version against affected ranges.

Check Version:

wmic product where name="Dell SupportAssist" get version

Verify Fix Applied:

Verify version is Consumer 3.11.1+ or Commercial 3.2.1+. Test with non-admin account attempting privilege escalation.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • SupportAssist process spawning with elevated privileges
  • Failed or successful UAC bypass attempts

Network Indicators:

  • Unusual outbound connections from SupportAssist processes

SIEM Query:

EventID=4688 AND ProcessName="*SupportAssist*" AND (NewProcessName="*cmd*" OR NewProcessName="*powershell*")
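
The matching logic of this query, as an added example that is not part of the original page or of any vendor tooling: it evaluates the grouped reading (SupportAssist parent AND a cmd or PowerShell child) against the ungrouped AND/OR reading, which also fires on any PowerShell launch. The events and paths are constructed placeholders, field names follow the query, and case-insensitive wildcard matching is an assumption about the SIEM.

```python
from fnmatch import fnmatchcase

# Constructed sample process-creation events. Field names follow the query on
# this page; the SupportAssist path is a placeholder, not a real install path.
EVENTS = [
    {"id": "e1", "EventID": 4688, "ProcessName": r"C:\placeholder\SupportAssist.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"id": "e2", "EventID": 4688, "ProcessName": r"C:\placeholder\SupportAssist.exe",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": "e3", "EventID": 4688, "ProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": "e4", "EventID": 4688, "ProcessName": r"C:\placeholder\SupportAssist.exe",
     "NewProcessName": r"C:\Windows\System32\notepad.exe"},
    {"id": "e5", "EventID": 4688, "ProcessName": r"C:\Windows\System32\services.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
]

def like(value, pattern):
    """Case-insensitive '*' wildcard match (assumed SIEM behaviour)."""
    return fnmatchcase(str(value).lower(), pattern.lower())

def ungrouped(ev):
    # A AND B AND C OR D parses as (A AND B AND C) OR D when AND binds tighter.
    return (ev["EventID"] == 4688
            and like(ev["ProcessName"], "*SupportAssist*")
            and like(ev["NewProcessName"], "*cmd*")
            ) or like(ev["NewProcessName"], "*powershell*")

def grouped(ev):
    # Parent must be SupportAssist; child may be cmd or PowerShell.
    return (ev["EventID"] == 4688
            and like(ev["ProcessName"], "*SupportAssist*")
            and (like(ev["NewProcessName"], "*cmd*")
                 or like(ev["NewProcessName"], "*powershell*")))

def hits(predicate, events=EVENTS):
    """Return the ids of events the predicate alerts on, in input order."""
    return [ev["id"] for ev in events if predicate(ev)]

def false_positives(events=EVENTS):
    """Events flagged only because of the missing parentheses."""
    wanted = set(hits(grouped, events))
    return [i for i in hits(ungrouped, events) if i not in wanted]

if __name__ == "__main__":
    print("ungrouped:", hits(ungrouped))
    print("grouped:  ", hits(grouped))
    print("noise:    ", false_positives())
```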
