
Article Number: 000200456


DSA-2022-139 - Dell SupportAssist for Home PCs and Business PCs Security Update for Multiple Security Vulnerabilities.

Summary: Dell SupportAssist for Home PCs and Business PCs remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected

Article Content


Impact

High

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2022-29092 | Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2022-29093 | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| CVE-2022-29094 | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| CVE-2022-29095 | Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. | 8.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed: CVE-2022-29092

| Product | Affected Versions | Updated Versions |
|---|---|---|
| Dell SupportAssist for Home PCs | Version 3.11.0 and earlier | N/A |
| Dell SupportAssist for Business PCs | Version 3.2.0 and earlier | N/A |

Link to Update (the same for both products): There are two ways in which the customer can get the latest component which has the fix:
  • Manual steps (recommended):
    1. Launch SupportAssist UI.
    2. Go to Home Page of SupportAssist UI.
    3. Click "Run" on Driver Scans tile.
    4. Latest component with the fix is downloaded.
  • If Driver Schedule Scan is enabled (check by going to Settings page > Automatic Scan options):
    1. Scheduled Driver Scan is triggered based on the scan frequency selected by the user (By default, it is weekly but can be set to Weekly or Monthly.)
    2. Latest component with the fix is downloaded.

CVEs Addressed: CVE-2022-29093, CVE-2022-29094, and CVE-2022-29095

| Product | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|
| Dell SupportAssist for Home PCs | 3.10.4 and earlier | 3.11.4 | SupportAssist for Home PCs; Release Notes and User Guide |
| Dell SupportAssist for Business PCs | 3.1.1 and earlier | 3.2.0 | TechDirect Link for Admins; Release Notes and User Guide |

Note: Version 3.11.3 also contains the fix; however, it is recommended that customers move to 3.11.4.
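For triaging a software inventory against the version thresholds above, the following is an added example (not Dell's code). The edition keys, function names and inventory rows are constructed for illustration, and it assumes installed versions are available as dotted strings.

```python
# Thresholds copied from the advisory's remediation table. The edition keys
# "home"/"business" and the function names are constructed for this example.
FILE_AND_XSS_CVES = ["CVE-2022-29093", "CVE-2022-29094", "CVE-2022-29095"]
ADVISORY = {
    "home": [
        {"cves": ["CVE-2022-29092"], "max_affected": "3.11.0", "fixed": None},
        {"cves": FILE_AND_XSS_CVES, "max_affected": "3.10.4", "fixed": "3.11.4"},
    ],
    "business": [
        {"cves": ["CVE-2022-29092"], "max_affected": "3.2.0", "fixed": None},
        {"cves": FILE_AND_XSS_CVES, "max_affected": "3.1.1", "fixed": "3.2.0"},
    ],
}

def ver(text):
    """'3.10.4' -> (3, 10, 4). Compares numerically, so 3.9.x < 3.10.x.
    Assumption: a fourth build component (e.g. '3.10.4.18') is ignored,
    because the advisory states versions to three components."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def triage(edition, installed):
    """Return [(cve, action), ...] for one host; an empty list means not affected."""
    findings = []
    for row in ADVISORY[edition]:
        if ver(installed) > ver(row["max_affected"]):
            continue
        if row["fixed"]:
            action = "upgrade to " + row["fixed"]
        else:
            # The advisory lists "N/A" as the updated version for this CVE: the fix
            # arrives as a component via Driver Scan, so the version number
            # alone does not show whether it has been applied.
            action = "run Driver Scan to fetch the fixed component"
        findings += [(cve, action) for cve in row["cves"]]
    return findings

# Constructed inventory rows: (hostname, edition, installed version).
INVENTORY = [("pc-01", "home", "3.9.2"), ("pc-02", "home", "3.11.4"),
             ("pc-03", "business", "3.2.0"), ("pc-04", "business", "3.1.1.5")]

if __name__ == "__main__":
    for host, edition, installed in INVENTORY:
        for cve, action in triage(edition, installed):
            print(f"{host} {edition} {installed}: {cve} -> {action}")
```

Comparing the versions as plain strings would rank "3.9.2" above "3.10.4" and miss that host, which is why `ver` converts to integer tuples first.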
Acknowledgements

Dell would like to thank Molybdenum for reporting CVE-2022-29092 and Patrick Murphy for reporting CVE-2022-29093 and CVE-2022-29094.

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2022-06-09 | Initial Draft |
| 1.1 | 2022-06-27 | Updated affected products and remediation section |

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Article Properties

Affected Product: SupportAssist for Home PCs, SupportAssist for Business PCs
Product: Product Security Information
Last Published Date: 27 Jun 2022
Version: 2
Article Type: Dell Security Advisory