CVE-2022-34384
11.02.2023, 01:23
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | alienware_update | 𝑥 < 4.5.0 |
| dell | command_update | 𝑥 < 4.5.0 |
| dell | supportassist_for_business_pcs | 𝑥 ≤ 3.2.0 |
| dell | supportassist_for_home_pcs | 𝑥 ≤ 3.11.2 |
| dell | update | 𝑥 < 4.5.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary PrivilegesThe software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.