CVE-2022-34366: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

CVE-2022-34366 is an Overly Permissive Cross-domain Whitelist vulnerability affecting Dell SupportAssist for Home PCs version 3.11.2 and prior. The vulnerability was disclosed in 2022 and assigned a CVSS base score of 6.5, indicating a moderate to high severity level (Dell Advisory).

The vulnerability is characterized by an overly permissive cross-domain whitelist implementation in Dell SupportAssist. It has been assigned a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating that it can be exploited remotely with low attack complexity, requires no privileges but does need user interaction, and can result in high confidentiality impact without affecting integrity or availability (Dell Advisory).

The vulnerability allows an authenticated non-admin user to potentially exploit the issue and obtain sensitive information from the affected system. The high confidentiality impact rating in the CVSS score indicates that the vulnerability could lead to significant unauthorized information disclosure (Dell Advisory).

Dell has released version 3.12.3 of SupportAssist for Home PCs to address this vulnerability. Users can update their software either manually by launching SupportAssist UI, going to the About Page, and clicking on 'Check for Latest Updates', or through automatic updates if enabled in the Settings page under Privacy options (Dell Advisory).