CVE-2022-29093

Vulnerability

Dell SupportAssist Client Consumer versions 3.10.4 and prior, and Dell SupportAssist Client Commercial versions 3.1.1 and prior, are affected by an arbitrary file deletion vulnerability [1]. The flaw resides in the product's file handling logic, allowing an authenticated user without administrative privileges to delete arbitrary files on the system [1].

Exploitation

An attacker must be an authenticated user on the affected system, but does not require administrative rights [1]. The attacker can exploit the vulnerability to delete arbitrary files; specific steps are not detailed in the available references, but the weakness is triggered through the application's normal file operations [1].

Impact

Successful exploitation allows an authenticated non-admin attacker to delete arbitrary files, potentially causing denial of service or system instability [1]. The vulnerability does not grant code execution or privilege escalation beyond the user's existing permissions [1].

Mitigation

Dell has addressed this vulnerability by providing updated components. For Dell SupportAssist for Home PCs, the fix is available through the Driver Scans feature (manual or scheduled) [1]. For Dell SupportAssist for Business PCs, the same mechanism applies [1]. Users should run a Driver Scan to obtain the patched component; the updated versions are not explicitly numbered in the advisory, but the fix is delivered via the scan [1].