Local Privilege Escalation in Dell SupportAssist and Related Tools
CVE-2022-34384

7.8HIGH

Key Information:

Vendor: Dell
Status: Supportassist Client Consumer
Vendor: CVE Published:; 11 February 2023

Summary

The vulnerability affects Dell SupportAssist Client for both consumer and commercial users, as well as Dell Command | Update, Dell Update, and Alienware Update. Local users with malicious intent could exploit this weakness found in the Advanced Driver Restore component, potentially gaining elevated privileges on the affected systems. It is crucial for users and administrators to verify whether they are using one of the impacted versions and to apply the necessary updates to mitigate any potential risks.

Affected Version(s)

SupportAssist Client Consumer 0 <= 3.11.1

References

https://www.dell.com/support/kbdoc/000204114

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2023
Vulnerability Reserved
Jun 23, 2022