Rate Limit Bypass in Dell SupportAssist
CVE-2022-34389
3.7 LOW
Summary
Dell SupportAssist suffers from a rate limit bypass vulnerability in its screenmeet API component. This flaw allows an unauthenticated attacker to impersonate a legitimate customer, potentially leading to unauthorized access to support services provided by Dell. Exploiting this vulnerability could undermine customer trust and facilitate further malicious actions against both customers and the support infrastructure.
Affected Version(s)
SupportAssist 0 <= 3.11.1, 3.2
References
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved