
Article Number: 000200456


DSA-2022-139 - Dell SupportAssist for Home PCs and Business PCs Security Update for Multiple Security Vulnerabilities.

Summary: Dell SupportAssist for Home PCs and Business PCs remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...

Article Content


Impact

High

Details

Proprietary Code CVEs

CVE-2022-29092
Description: Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.
CVSS Base Score: 7.8
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-29093
Description: Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. An authenticated non-admin user could exploit the issue and delete arbitrary files on the system.
CVSS Base Score: 7.1
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2022-29094
Description: Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. An authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system.
CVSS Base Score: 7.1
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2022-29095
Description: Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.
CVSS Base Score: 8.3
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed: CVE-2022-29092

Product: Dell SupportAssist for Home PCs
Affected Versions: Version 3.11.0 and earlier
Updated Versions: N/A
Link to Update: There are two ways in which the customer can get the latest component which has the fix:
  • Manual steps: (Recommended)
    1. Launch SupportAssist UI.
    2. Go to Home Page of SupportAssist UI.
    3. Click Run on Driver Scans tile.
    4. Latest component with the fix is downloaded.
  • If Driver Schedule Scan is enabled (Check by going to Settings page > Automatic Scan options.)
    1. Scheduled Driver Scan is triggered based on the scan frequency selected by the user (By default, it is weekly but can be set to Weekly or Monthly.)
    2. Latest component with the fix is downloaded.

Product: Dell SupportAssist for Business PCs
Affected Versions: Version 3.2.0 and earlier
Updated Versions: N/A
Link to Update: There are two ways in which the customer can get the latest component which has the fix:
  • Manual steps: (Recommended)
    1. Launch SupportAssist UI.
    2. Go to Home Page of SupportAssist UI.
    3. Click Run on Driver Scans tile.
    4. Latest component with the fix is downloaded.
  • If Driver Schedule Scan is enabled (Check by going to Settings page > Automatic Scan options.)
    1. Scheduled Driver Scan is triggered based on the scan frequency selected by the user (By default, it is weekly but can be set to Weekly or Monthly.)
    2. Latest component with the fix is downloaded.

CVEs Addressed: CVE-2022-29093, CVE-2022-29094, and CVE-2022-29095

Product: Dell SupportAssist for Home PCs
Affected Versions: 3.10.4 and earlier
Updated Versions: 3.11.4
Link to Update: SupportAssist for Home PCs; Release Notes and User Guide

Product: Dell SupportAssist for Business PCs
Affected Versions: 3.1.1 and earlier
Updated Versions: 3.2.0
Link to Update: TechDirect Link for Admins; Release Notes and User Guide

NOTE: Version 3.11.3 also contains the fix; however, it is recommended that customers move to 3.11.4.

Acknowledgements

Dell would like to thank Molybdenum for reporting CVE-2022-29092 and Patrick Murphy for reporting CVE-2022-29093 and CVE-2022-29094.

Revision History

Revision  Date        Description
1.0       2022-06-09  Initial Draft
1.1       2022-06-27  Updated affected products and remediation section

Article Properties


Affected Product

SupportAssist for Home PCs, SupportAssist for Business PCs

Product

Product Security Information

Last Published Date

23 Jun 2023

Article Type

Dell Security Advisory