CVE-2022-34386: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability identified as CVE-2022-34386. The vulnerability was disclosed on February 11, 2023, and affects the cryptographic implementation in these Dell support tools (Dell Advisory).

The vulnerability has been assigned a CVSS Base Score of 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with high confidentiality impact (C:H), but no impact on integrity (I:N) or availability (A:N) (Dell Advisory).

An authenticated non-admin user could potentially exploit this vulnerability to obtain sensitive information from the affected system. The vulnerability specifically impacts the confidentiality of data, potentially exposing sensitive information to unauthorized users (Dell Advisory).

Dell has released updated versions to address this vulnerability. For SupportAssist for Home PCs, users should upgrade to version 3.12.3, and for SupportAssist for Business PCs, users should upgrade to version 3.3.0. The update can be obtained either through manual update by launching SupportAssist UI and checking for updates, or through automatic updates if enabled (Dell Advisory).