Insufficient Session Expiration in SupportAssist for Home PCs by Dell
CVE-2022-34392
5.5MEDIUM
Summary
SupportAssist for Home PCs versions 3.11.4 and earlier are vulnerable to an insufficient session expiration issue. This vulnerability allows authenticated, non-admin users to exploit session management by obtaining refresh tokens. As a result, these users can reuse access tokens, granting them unauthorized access to sensitive information within the application, thus raising serious security concerns for users.
Affected Version(s)
SupportAssist 0 <= 3.11.4
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved