Vulnerability CVE-2022-29093

Vulnerability CVE-2022-29093

Published: 2022-06-10

Description:

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.6/10	4.9/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	Partial

Affected software
DELL -> Supportassist for business pcs
DELL -> Supportassist for home pcs

References:

https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities

Vulnerability CVE-2022-29093

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.

CWE-22

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

3.6/10

4.9/10

3.9/10

Local

Low

No required

None

Partial

Partial

Affected software

References: