CVE-2022-34388

7.1 HIGH

📋 TL;DR

This vulnerability allows local low-privileged users to view and modify sensitive information in Dell SupportAssist's database. It affects both Home and Business PC versions of Dell SupportAssist. The vulnerability represents an information disclosure risk that could expose system data to unauthorized users.

💻 Affected Systems

Products:
  • Dell SupportAssist for Home PCs
  • Dell SupportAssist for Business PCs
Versions: Home PCs: 3.11.4 and prior; Business PCs: 3.2.0 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both consumer and business versions of Dell SupportAssist. Requires local access with low privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious insider could access and modify sensitive system information, potentially enabling privilege escalation or exposing confidential data stored in the SupportAssist database.

🟠 Likely Case

Local users could view system information, configuration details, or diagnostic data that should be restricted, potentially enabling further attacks or information gathering.

🟢 If Mitigated

With proper access controls and patching, the risk is limited to authorized users accessing only their own system information.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access with low privileges. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Home PCs: 3.11.5 or later; Business PCs: 3.2.1 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/000204114

Restart Required: Yes

Instructions:

1. Open Dell SupportAssist.
2. Check for updates in settings.
3. Install available updates.
4. Restart the system if prompted.

🔧 Temporary Workarounds

Restrict Local Access (Windows)

Limit physical and remote access to systems running vulnerable versions of SupportAssist.

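Disable SupportAssist (Windows)

Temporarily disable Dell SupportAssist until patching can be completed. Run the commands from an elevated Command Prompt; in PowerShell, use sc.exe, because sc is an alias for Set-Content there.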

sc config "Dell SupportAssist Agent" start= disabled
sc stop "Dell SupportAssist Agent"

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to affected systems
  • Monitor for unusual database access patterns or unauthorized local user activity

🔍 How to Verify

Check if Vulnerable:

Check Dell SupportAssist version in the application or via Control Panel > Programs and Features

Check Version:

wmic product where "name like 'Dell SupportAssist%'" get version

Verify Fix Applied:

Verify version is 3.11.5 or later for Home PCs, or 3.2.1 or later for Business PCs
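
Added example (not from the vendor advisory or the original page): a PowerShell check that reads the installed version from the uninstall registry keys and compares it with the fixed versions listed above. It avoids wmic product, which triggers a Windows Installer consistency check of every installed package. The edition test (a DisplayName containing "Business"), the function names and the sample entries are assumptions.

```powershell
# Fixed versions are the ones stated on this page.
$FixedVersion = @{ Home = [version]'3.11.5'; Business = [version]'3.2.1' }

function Test-SupportAssistEntry {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$DisplayVersion
    )
    # Assumption: the Business PC edition has "Business" in its DisplayName.
    $edition = if ($DisplayName -match 'Business') { 'Business' } else { 'Home' }
    # Keep the leading dotted-numeric part so "3.11.4.29 (x64)" still parses.
    $numeric = $DisplayVersion -replace '^\s*(\d+(\.\d+){1,3}).*$', '$1'
    $parsed = $null
    $status = if (-not ([version]::TryParse($numeric, [ref]$parsed))) {
        'UnknownVersion'   # report for manual review, never assume patched
    } elseif ($parsed -ge $FixedVersion[$edition]) {
        'Patched'
    } else {
        'Vulnerable'
    }
    [pscustomobject]@{
        Name = $DisplayName; Version = $DisplayVersion
        Edition = $edition; FixedIn = $FixedVersion[$edition]; Status = $status
    }
}

function Get-SupportAssistStatus {
    # Query both registry views: the package may be registered as 32- or 64-bit.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    # Same name filter as the wmic query on this page; other packages sharing
    # the prefix are listed too, so review the Name column before acting.
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Dell SupportAssist*' -and $_.DisplayVersion } |
        ForEach-Object { Test-SupportAssistEntry -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion }
}

# Constructed sample entries (not real inventory data) to exercise the logic.
$samples = @(
    @{ DisplayName = 'Dell SupportAssist';                  DisplayVersion = '3.11.4.29' },
    @{ DisplayName = 'Dell SupportAssist';                  DisplayVersion = '3.11.5.0' },
    @{ DisplayName = 'Dell SupportAssist for Business PCs'; DisplayVersion = '3.2.0.90' },
    @{ DisplayName = 'Dell SupportAssist for Business PCs'; DisplayVersion = 'n/a' }
)
$samples | ForEach-Object {
    Test-SupportAssistEntry -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion
} | Format-Table -AutoSize

# Live check on the local machine.
Get-SupportAssistStatus | Format-Table -AutoSize
```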

📡 Detection & Monitoring

Log Indicators:

  • Unusual database access patterns in SupportAssist logs
  • Multiple failed or successful access attempts to SupportAssist database files

Network Indicators:

  • Local connections to SupportAssist database files from unauthorized users

SIEM Query:

EventID=4688 AND ProcessName LIKE '%SupportAssist%' AND CommandLine LIKE '%database%'
