VYPR

SupportAssist

by Dell

CVEs (7)

  • CVE-2019-3718HigApr 18, 2019
    risk 0.57cvss 8.8epss 0.01

    Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

  • CVE-2019-3719HigApr 18, 2019
    risk 0.53cvss 8.0epss 0.16

    Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and…

  • CVE-2022-34388HigFeb 11, 2023
    risk 0.46cvss 7.1epss 0.00

    Dell SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive…

  • CVE-2022-34387MedFeb 11, 2023
    risk 0.42cvss 6.4epss 0.00

    Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and…

  • CVE-2022-34392MedFeb 11, 2023
    risk 0.36cvss 5.5epss 0.00

    SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.

  • CVE-2022-34389LowFeb 11, 2023
    risk 0.24cvss 3.7epss 0.00

    Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.

  • CVE-2022-34394LowSep 28, 2022
    risk 0.24cvss 3.7epss 0.00

    Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could…