Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

DSA-2022-139 - Dell SupportAssist for Home PCs and Business PCs Security Update for Multiple Security Vulnerabilities.

Summary: Dell SupportAssist for Home PCs and Business PCs remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Impact

High

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-29092  Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-29093 Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-29094 Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-29095 Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2022-29092  Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-29093 Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-29094 Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-29095 Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-29092  Dell SupportAssist for Home PCs Version 3.11.0 and earlier  N/A There are two ways in which the customer can get the latest component which has the fix:
  • Manual steps: (Recommended) 
  1. Launch SupportAssist UI.  
  2. Go to Home Page of SupportAssist UI. 
  3. Click Run on Driver Scans tile. 
  4. Latest component with the fix is downloaded. 
  • If Driver Schedule Scan is enabled (Check by going to Settings page > Automatic Scan options.) 
  1. Scheduled Driver Scan is triggered based on the scan frequency selected by the user (By default, it is weekly but can be set to Weekly or Monthly.) 
  2. Latest component with the fix is downloaded. 
Dell SupportAssist for Business PCs  Version 3.2.0 and earlier  N/A There are two ways in which the customer can get the latest component which has the fix:
  • Manual steps: (Recommended) 
  1. Launch SupportAssist UI.  
  2. Go to Home Page of SupportAssist UI. 
  3. Click Run on Driver Scans tile. 
  4. Latest component with the fix is downloaded. 
  • If Driver Schedule Scan is enabled (Check by going to Settings page > Automatic Scan options.) 
  1. Scheduled Driver Scan is triggered based on the scan frequency selected by the user (By default, it is weekly but can be set to Weekly or Monthly.) 
  2. Latest component with the fix is downloaded. 
CVE-2022-29093, CVE-2022-29094, and CVE-2022-29095 Dell SupportAssist for Home PCs  3.10.4 and earlier 3.11.4 SupportAssist for Home PCs
Release Notes and User Guide
Dell SupportAssist for Business PCs  3.1.1 and earlier 3.2.0
 
TechDirect Link for Admins
Release Notes and User Guide
 
 
NOTE: Version 3.11.3 also contains the fix, however, it is recommended that customers move to 3.11.4.
CVEs Addressed Product Affected Versions Updated Versions Link to Update
CVE-2022-29092  Dell SupportAssist for Home PCs Version 3.11.0 and earlier  N/A There are two ways in which the customer can get the latest component which has the fix:
  • Manual steps: (Recommended) 
  1. Launch SupportAssist UI.  
  2. Go to Home Page of SupportAssist UI. 
  3. Click Run on Driver Scans tile. 
  4. Latest component with the fix is downloaded. 
  • If Driver Schedule Scan is enabled (Check by going to Settings page > Automatic Scan options.) 
  1. Scheduled Driver Scan is triggered based on the scan frequency selected by the user (By default, it is weekly but can be set to Weekly or Monthly.) 
  2. Latest component with the fix is downloaded. 
Dell SupportAssist for Business PCs  Version 3.2.0 and earlier  N/A There are two ways in which the customer can get the latest component which has the fix:
  • Manual steps: (Recommended) 
  1. Launch SupportAssist UI.  
  2. Go to Home Page of SupportAssist UI. 
  3. Click Run on Driver Scans tile. 
  4. Latest component with the fix is downloaded. 
  • If Driver Schedule Scan is enabled (Check by going to Settings page > Automatic Scan options.) 
  1. Scheduled Driver Scan is triggered based on the scan frequency selected by the user (By default, it is weekly but can be set to Weekly or Monthly.) 
  2. Latest component with the fix is downloaded. 
CVE-2022-29093, CVE-2022-29094, and CVE-2022-29095 Dell SupportAssist for Home PCs  3.10.4 and earlier 3.11.4 SupportAssist for Home PCs
Release Notes and User Guide
Dell SupportAssist for Business PCs  3.1.1 and earlier 3.2.0
 
TechDirect Link for Admins
Release Notes and User Guide
 
 
NOTE: Version 3.11.3 also contains the fix, however, it is recommended that customers move to 3.11.4.

Revision History

RevisionDateDescription
1.02022-06-09Initial Draft
1.12022-06-27Updated affected products and remediation section

Acknowledgements

Dell would like to thank Molybdenum for reporting CVE-2022-29092 and Patrick Murphy for reporting CVE-2022-29093 and CVE-2022-29094.

Related Information

Affected Products

SupportAssist for Home PCs, SupportAssist for Business PCs

Products

Product Security Information
Article Properties
Article Number: 000200456
Article Type: Dell Security Advisory
Last Modified: 23 Jun 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.