PT-2022-19410 · Dell · Dell Supportassist Client Commercial+1

Published

2022-06-10

Updated

2022-06-17

CVE-2022-29093

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell SupportAssist Client Consumer versions 3.10.4 and earlier Dell SupportAssist Client Commercial versions 3.1.1 and earlier

Description The issue allows an authenticated non-admin user to delete arbitrary files on the system. This is due to an arbitrary file deletion vulnerability in the affected software.

Recommendations For Dell SupportAssist Client Consumer versions 3.10.4 and earlier, update to a version later than 3.10.4 to resolve the issue. For Dell SupportAssist Client Commercial versions 3.1.1 and earlier, update to a version later than 3.1.1 to resolve the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-29093

Affected Products

Dell Supportassist Client Commercial

Dell Supportassist Client Consumer

PT-2022-19410 · Dell · Dell Supportassist Client Commercial+1

CVE-2022-29093

Weakness Enumeration

Related Identifiers

Affected Products

References · 6