CVE-2022-29093: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability identified as CVE-2022-29093. The vulnerability was disclosed on June 9, 2022, affecting Dell's support software installed on both home and business PCs (Dell Advisory).

The vulnerability is classified as a path traversal issue (CWE-22) that allows authenticated non-admin users to delete arbitrary files on the system. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, indicating local access, low attack complexity, and no requirement for user interaction (Dell Advisory).

The exploitation of this vulnerability could allow an authenticated non-administrator user to delete arbitrary files on the affected system, potentially leading to system instability or denial of service. The impact is significant as it affects both integrity and availability of the system, though confidentiality is not directly impacted (Dell Advisory).

Dell has released updated versions to address this vulnerability. For Dell SupportAssist for Home PCs, users should upgrade to version 3.11.4, and for Dell SupportAssist for Business PCs, users should upgrade to version 3.2.0. While version 3.11.3 also contains the fix for home PCs, Dell recommends updating to 3.11.4 for the best protection (Dell Advisory).

Dell acknowledged Patrick Murphy for reporting CVE-2022-29093, demonstrating the company's engagement with security researchers in addressing vulnerabilities (Dell Advisory).