CVE-2022-34392: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

CVE-2022-34392 is an insufficient session expiration vulnerability affecting Dell SupportAssist for Home PCs versions 3.11.4 and prior. The vulnerability was disclosed and documented in Dell's security advisory DSA-2022-190, with remediation becoming available in October 2022 (Dell Advisory).

The vulnerability has been assigned a CVSS Base Score of 5.5 with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The technical nature of the vulnerability involves insufficient session management where an authenticated non-admin user can obtain the refresh token, which subsequently leads to the ability to reuse the access token and fetch sensitive information (Dell Advisory).

The vulnerability allows authenticated non-admin users to obtain refresh tokens and reuse access tokens, potentially leading to unauthorized access to sensitive information. The high confidentiality impact (C:H) in the CVSS score indicates significant potential for information disclosure (Dell Advisory).

Dell has released version 3.12.3 of SupportAssist for Home PCs to address this vulnerability. Users can update their software either manually by launching SupportAssist UI, going to the About Page, and clicking on 'Check for Latest Updates', or through automatic updates if enabled in the Settings page under Privacy options (Dell Advisory).