CVE-2022-29095: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability identified as CVE-2022-29095. The vulnerability was disclosed on April 12, 2022, and affects Dell's support software installed on both home and business PCs (Dell Advisory).

The vulnerability is classified as a cross-site scripting (XSS) vulnerability with a CVSS Base Score of 8.3 and a CVSS Vector String of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H. This scoring indicates that the vulnerability requires network access, has high attack complexity, needs no privileges, requires user interaction, and has a critical scope with high impacts on confidentiality, integrity, and availability (Dell Advisory).

If successfully exploited, this vulnerability could lead to the execution of malicious code on a vulnerable system. The high CVSS score of 8.3 indicates severe potential impacts on system security, with possible compromises to system confidentiality, integrity, and availability (Dell Advisory).

Dell has released security updates to address this vulnerability. For Dell SupportAssist for Home PCs, users should upgrade to version 3.11.4, and for Dell SupportAssist for Business PCs, users should upgrade to version 3.2.0. While version 3.11.3 also contains the fix for home PCs, Dell recommends upgrading to 3.11.4 for the best security (Dell Advisory).