CVE-2022-34384 - OpenCVE

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Supportassist For Business Pcs Update Command Update Supportassist For Home Pcs Alienware Update

Configuration 1 [-]

OR	cpe:2.3:a:dell:alienware_update::::::::
	cpe:2.3:a:dell:command_update::::::::
	cpe:2.3:a:dell:supportassist_for_business_pcs::::::::
	cpe:2.3:a:dell:supportassist_for_home_pcs::::::::
	cpe:2.3:a:dell:update::::::::

References

Link	Resource
https://www.dell.com/support/kbdoc/000204114	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2023-02-10T20:03:33.740Z

Updated:

Reserved: 2022-06-23T18:55:17.090Z

Link: CVE-2022-34384

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-11T01:23:23.793

Modified: 2023-11-07T03:48:34.883

Link: CVE-2022-34384

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-34384", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2022-06-23T18:55:17.090Z", "datePublished": "2023-02-10T20:03:33.740Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SupportAssist Client Consumer", "vendor": "Dell", "versions": [{"lessThanOrEqual": "3.11.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2022-10-11T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<div><div>Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.</div></div>\n\n"}], "value": "\nDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.\n\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-02-10T20:03:33.740Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/000204114"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:alienware_update:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DA837B0-98B0-48B1-BA9A-131705A512FC", "versionEndExcluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:command_update:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7DC6EFB-D090-4E47-8B0B-E5E3C3F40769", "versionEndExcluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1EC6BDC-86EE-4229-928D-BB7602A4E725", "versionEndIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E1454A5-072D-49AE-81B0-7153D57B3941", "versionEndIncluding": "3.11.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:update:*:*:*:*:*:*:*:*", "matchCriteriaId": "59BF84EB-71FA-454F-8A63-49109237409E", "versionEndExcluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.\n\n\n\n\n\n"}], "id": "CVE-2022-34384", "lastModified": "2023-11-07T03:48:34.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2023-02-11T01:23:23.793", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000204114"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-250"}], "source": "security_alert@emc.com", "type": "Secondary"}]}