CVE-2022-34382: 
Dell Command Update vulnerability analysis and mitigation

CVE-2022-34382 is a Local Privilege Escalation Vulnerability affecting Dell Command Update, Dell Update, and Alienware Update versions prior to 4.6.0. The vulnerability was discovered in the custom catalog configuration component and was disclosed in June 2022 (Dell Advisory).

The vulnerability has been assigned a CVSS Base Score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability requires local access, low attack complexity, and low privileges to exploit, but can result in high impacts to confidentiality, integrity, and availability (Dell Advisory).

If successfully exploited, this vulnerability allows a local malicious user to elevate their privileges on the affected system, potentially gaining full system access (Dell Advisory).

Dell has released version 4.6.0 of the affected software to address this vulnerability. Users are advised to update to this version through either the Universal Windows Platform version for Windows 10 32 and 64 bit or the Windows 32 and 64-bit version for Microsoft Windows 7, 8, 8.1, and 10 (Dell Advisory).

Dell has acknowledged the contribution of Alexander Pudwill for reporting this security issue (Dell Advisory).