According to its self-reported version number, the version of Dell SupportAssist Client is affected by multiple vulnerabilities.
– SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. (CVE-2022-34384)
– Dell SupportAssist contains a rate limit bypass issue in the ScreenMeet API third-party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a Dell support technician. (CVE-2022-34389)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.