CVE-2022-34385: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

CVE-2022-34385 is a cryptographic weakness vulnerability affecting Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior). The vulnerability was disclosed on February 11, 2023, and received a CVSS v3.1 base score of 5.5 (Medium) (Dell Advisory).

The vulnerability has a CVSS vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating a Local attack vector, Low attack complexity, Low privileges required, No user interaction needed, Unchanged scope, High impact on confidentiality, and No impact on integrity or availability (Dell Advisory).

An authenticated non-admin user could potentially exploit this vulnerability to obtain sensitive information from the affected system (Dell Advisory).

Dell has released updates to address this vulnerability. SupportAssist for Home PCs should be updated to version 3.12.3, and SupportAssist for Business PCs should be updated to version 3.3.0. Users can update manually by launching SupportAssist UI, going to the About Page, and clicking on 'Check for Latest Updates' or through automatic updates if enabled (Dell Advisory).