CVE-2022-34388: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain an information disclosure vulnerability identified as CVE-2022-34388. The vulnerability was disclosed on February 11, 2023, and received a CVSS v3.1 Base Score of 7.1 (High) (Dell Advisory).

The vulnerability is characterized by a local attack vector with low attack complexity and requires low privileges to exploit, with no user interaction needed. The CVSS metrics indicate high impacts on both confidentiality and integrity, while availability remains unaffected. The vulnerability has a CVSS vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (Dell Advisory).

A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application (Dell Advisory).

Dell has released updated versions to address this vulnerability. SupportAssist for Home PCs should be updated to version 3.12.3, and SupportAssist for Business PCs should be updated to version 3.3.0. Users can update manually by launching SupportAssist UI, going to the About Page, and clicking on 'Check for Latest Updates' (Dell Advisory).