CVE-2022-34458: 
Dell Command Update vulnerability analysis and mitigation

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information vulnerability identified as CVE-2022-34458. The vulnerability was discovered and reported by Alexander Pudwill, with a CVSS base score of 6.6. The affected software versions include all releases before version 4.7.1 of Dell Command | Update and Dell Update/Alienware Update applications for Windows 10 (Dell Security Advisory).

The vulnerability (CVE-2022-34458) is characterized as an Exposure of Sensitive System Information to an unauthorized user vulnerability. It has a CVSS Vector String of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L, indicating local access requirements with low attack complexity. The vulnerability requires local user privileges to exploit and does not require user interaction. The impact includes high confidentiality breach potential with low integrity and availability impacts (Dell Security Advisory).

A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data from the affected system. The vulnerability's high confidentiality impact rating suggests significant potential for unauthorized access to sensitive information (Dell Security Advisory).

Dell has released version 4.7.1 of both Dell Command | Update and Dell Update/Alienware Update applications to address this vulnerability. Users are advised to update to these latest versions through the Universal Windows Platform version for Windows 10 32-bit and 64-bit systems (Dell Security Advisory).