All the vulnerabilites related to Dell - SupportAssist for Business PCs
var-202302-0724
Vulnerability from variot
SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0724",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.0"
},
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.11.4"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "3.11.4 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"db": "NVD",
"id": "CVE-2022-34385"
}
]
},
"cve": "CVE-2022-34385",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-34385",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-014044",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34385",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34385",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2022-014044",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-767",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-767"
},
{
"db": "NVD",
"id": "CVE-2022-34385"
},
{
"db": "NVD",
"id": "CVE-2022-34385"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nSupportAssist for Home PCs (version 3.11.4 and prior) and \u00a0SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34385"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"db": "VULHUB",
"id": "VHN-426701"
},
{
"db": "VULMON",
"id": "CVE-2022-34385"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34385",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014044",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-767",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426701",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34385",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426701"
},
{
"db": "VULMON",
"id": "CVE-2022-34385"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-767"
},
{
"db": "NVD",
"id": "CVE-2022-34385"
}
]
},
"id": "VAR-202302-0724",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426701"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:26:52.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-190",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"title": "Dell SupportAssist Client Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226223"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-34385 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34385"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-767"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426701"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"db": "NVD",
"id": "CVE-2022-34385"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34385"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34385/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426701"
},
{
"db": "VULMON",
"id": "CVE-2022-34385"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-767"
},
{
"db": "NVD",
"id": "CVE-2022-34385"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426701"
},
{
"db": "VULMON",
"id": "CVE-2022-34385"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-767"
},
{
"db": "NVD",
"id": "CVE-2022-34385"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426701"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34385"
},
{
"date": "2023-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"date": "2023-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-767"
},
{
"date": "2023-02-11T01:23:23.923000",
"db": "NVD",
"id": "CVE-2022-34385"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-426701"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34385"
},
{
"date": "2023-09-14T01:12:00",
"db": "JVNDB",
"id": "JVNDB-2022-014044"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-767"
},
{
"date": "2023-11-07T03:48:34.953000",
"db": "NVD",
"id": "CVE-2022-34385"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-767"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 and \u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 Cryptographic strength vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014044"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-767"
}
],
"trust": 0.6
}
}
var-202206-0996
Vulnerability from variot
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. Dell's Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Dell SupportAssist Client is a client application of Dell Corporation. The program provides automated, proactive and predictive techniques for troubleshooting and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0996",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.10.4"
},
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.1.1"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"db": "NVD",
"id": "CVE-2022-29093"
}
]
},
"cve": "CVE-2022-29093",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-29093",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-420627",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-29093",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-29093",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29093",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-29093",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29093",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1033",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-420627",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2022-29093",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420627"
},
{
"db": "VULMON",
"id": "CVE-2022-29093"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1033"
},
{
"db": "NVD",
"id": "CVE-2022-29093"
},
{
"db": "NVD",
"id": "CVE-2022-29093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. Dell\u0027s Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Dell SupportAssist Client is a client application of Dell Corporation. The program provides automated, proactive and predictive techniques for troubleshooting and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29093"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"db": "VULHUB",
"id": "VHN-420627"
},
{
"db": "VULMON",
"id": "CVE-2022-29093"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29093",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011344",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1033",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-83200",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-420627",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-29093",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420627"
},
{
"db": "VULMON",
"id": "CVE-2022-29093"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1033"
},
{
"db": "NVD",
"id": "CVE-2022-29093"
}
]
},
"id": "VAR-202206-0996",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420627"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:00:44.941000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SupportAssist Client Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196747"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1033"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420627"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"db": "NVD",
"id": "CVE-2022-29093"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29093"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29093/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420627"
},
{
"db": "VULMON",
"id": "CVE-2022-29093"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1033"
},
{
"db": "NVD",
"id": "CVE-2022-29093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-420627"
},
{
"db": "VULMON",
"id": "CVE-2022-29093"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1033"
},
{
"db": "NVD",
"id": "CVE-2022-29093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-420627"
},
{
"date": "2022-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29093"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1033"
},
{
"date": "2022-06-10T20:15:08.350000",
"db": "NVD",
"id": "CVE-2022-29093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-420627"
},
{
"date": "2022-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29093"
},
{
"date": "2023-08-21T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2022-011344"
},
{
"date": "2022-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1033"
},
{
"date": "2024-11-21T06:58:28.213000",
"db": "NVD",
"id": "CVE-2022-29093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1033"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 and \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1033"
}
],
"trust": 0.6
}
}
var-202206-0945
Vulnerability from variot
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. Dell's Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Dell SupportAssist Client is a client application of Dell Corporation. The program provides automated, proactive and predictive techniques for troubleshooting and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0945",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.10.4"
},
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.1.1"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"db": "NVD",
"id": "CVE-2022-29094"
}
]
},
"cve": "CVE-2022-29094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-29094",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-420628",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-29094",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-29094",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-29094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29094",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1032",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-420628",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420628"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1032"
},
{
"db": "NVD",
"id": "CVE-2022-29094"
},
{
"db": "NVD",
"id": "CVE-2022-29094"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. Dell\u0027s Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Dell SupportAssist Client is a client application of Dell Corporation. The program provides automated, proactive and predictive techniques for troubleshooting and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29094"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"db": "VULHUB",
"id": "VHN-420628"
},
{
"db": "VULMON",
"id": "CVE-2022-29094"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29094",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011343",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1032",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-83199",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-420628",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-29094",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420628"
},
{
"db": "VULMON",
"id": "CVE-2022-29094"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1032"
},
{
"db": "NVD",
"id": "CVE-2022-29094"
}
]
},
"id": "VAR-202206-0945",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420628"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:03:46.857000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SupportAssist Client Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196746"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1032"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420628"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"db": "NVD",
"id": "CVE-2022-29094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29094"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29094/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420628"
},
{
"db": "VULMON",
"id": "CVE-2022-29094"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1032"
},
{
"db": "NVD",
"id": "CVE-2022-29094"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-420628"
},
{
"db": "VULMON",
"id": "CVE-2022-29094"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1032"
},
{
"db": "NVD",
"id": "CVE-2022-29094"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-420628"
},
{
"date": "2022-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29094"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1032"
},
{
"date": "2022-06-10T20:15:08.413000",
"db": "NVD",
"id": "CVE-2022-29094"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-420628"
},
{
"date": "2022-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29094"
},
{
"date": "2023-08-21T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2022-011343"
},
{
"date": "2022-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1032"
},
{
"date": "2024-11-21T06:58:28.323000",
"db": "NVD",
"id": "CVE-2022-29094"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1032"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 and \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011343"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1032"
}
],
"trust": 0.6
}
}
var-202206-0944
Vulnerability from variot
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. Dell's Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell SupportAssist Client is a client application of Dell Corporation. The program provides automated, proactive and predictive techniques for troubleshooting and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0944",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.0"
},
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.11.0"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"db": "NVD",
"id": "CVE-2022-29092"
}
]
},
"cve": "CVE-2022-29092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-29092",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-420626",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-29092",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-29092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29092",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-29092",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29092",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1034",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-420626",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-29092",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420626"
},
{
"db": "VULMON",
"id": "CVE-2022-29092"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1034"
},
{
"db": "NVD",
"id": "CVE-2022-29092"
},
{
"db": "NVD",
"id": "CVE-2022-29092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. Dell\u0027s Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell SupportAssist Client is a client application of Dell Corporation. The program provides automated, proactive and predictive techniques for troubleshooting and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29092"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"db": "VULHUB",
"id": "VHN-420626"
},
{
"db": "VULMON",
"id": "CVE-2022-29092"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29092",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011345",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1034",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-83201",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-420626",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-29092",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420626"
},
{
"db": "VULMON",
"id": "CVE-2022-29092"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1034"
},
{
"db": "NVD",
"id": "CVE-2022-29092"
}
]
},
"id": "VAR-202206-0944",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420626"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:07:19.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SupportAssist Client Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196748"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1034"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420626"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"db": "NVD",
"id": "CVE-2022-29092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29092"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29092/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/427.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420626"
},
{
"db": "VULMON",
"id": "CVE-2022-29092"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1034"
},
{
"db": "NVD",
"id": "CVE-2022-29092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-420626"
},
{
"db": "VULMON",
"id": "CVE-2022-29092"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1034"
},
{
"db": "NVD",
"id": "CVE-2022-29092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-420626"
},
{
"date": "2022-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29092"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1034"
},
{
"date": "2022-06-10T20:15:08.283000",
"db": "NVD",
"id": "CVE-2022-29092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-420626"
},
{
"date": "2022-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29092"
},
{
"date": "2023-08-21T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2022-011345"
},
{
"date": "2022-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1034"
},
{
"date": "2024-11-21T06:58:28.100000",
"db": "NVD",
"id": "CVE-2022-29092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1034"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 and \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 Vulnerability regarding uncontrolled search path elements in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1034"
}
],
"trust": 0.6
}
}
var-202302-0813
Vulnerability from variot
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0813",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.0"
},
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.11.4"
},
{
"model": "dell supportassist for home pcs",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "3.11.4 and earlier"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"db": "NVD",
"id": "CVE-2022-34388"
}
]
},
"cve": "CVE-2022-34388",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-34388",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-013907",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34388",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34388",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-013907",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-765",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-765"
},
{
"db": "NVD",
"id": "CVE-2022-34388"
},
{
"db": "NVD",
"id": "CVE-2022-34388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell SupportAssist for Home PCs (version 3.11.4 and prior) and \u00a0SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34388"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"db": "VULHUB",
"id": "VHN-426704"
},
{
"db": "VULMON",
"id": "CVE-2022-34388"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34388",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-765",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426704",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34388",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426704"
},
{
"db": "VULMON",
"id": "CVE-2022-34388"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-765"
},
{
"db": "NVD",
"id": "CVE-2022-34388"
}
]
},
"id": "VAR-202302-0813",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426704"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:41:56.546000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-190",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"title": "Dell SupportAssist for Home PCs Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226221"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-34388 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34388"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-765"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.1
},
{
"problemtype": "CWE-318",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426704"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"db": "NVD",
"id": "CVE-2022-34388"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34388"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34388/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426704"
},
{
"db": "VULMON",
"id": "CVE-2022-34388"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-765"
},
{
"db": "NVD",
"id": "CVE-2022-34388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426704"
},
{
"db": "VULMON",
"id": "CVE-2022-34388"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-765"
},
{
"db": "NVD",
"id": "CVE-2022-34388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426704"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34388"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"date": "2023-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-765"
},
{
"date": "2023-02-11T01:23:24.180000",
"db": "NVD",
"id": "CVE-2022-34388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-426704"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34388"
},
{
"date": "2023-09-13T07:51:00",
"db": "JVNDB",
"id": "JVNDB-2022-013907"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-765"
},
{
"date": "2023-11-07T03:48:35.197000",
"db": "NVD",
"id": "CVE-2022-34388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-765"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 and \u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 Vulnerability in plaintext storage of important information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013907"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-765"
}
],
"trust": 0.6
}
}
var-202206-1313
Vulnerability from variot
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. Dell's Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell SupportAssist Client is a client application of Dell Corporation. The program provides automated, proactive and predictive techniques for troubleshooting and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.10.4"
},
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.1.1"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"db": "NVD",
"id": "CVE-2022-29095"
}
]
},
"cve": "CVE-2022-29095",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2022-29095",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-420629",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-29095",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2022-29095",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.6,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-29095",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29095",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-29095",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29095",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1031",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-420629",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1031"
},
{
"db": "NVD",
"id": "CVE-2022-29095"
},
{
"db": "NVD",
"id": "CVE-2022-29095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. Dell\u0027s Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell SupportAssist Client is a client application of Dell Corporation. The program provides automated, proactive and predictive techniques for troubleshooting and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29095"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"db": "VULHUB",
"id": "VHN-420629"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29095",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011342",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1031",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-58396",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-420629",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1031"
},
{
"db": "NVD",
"id": "CVE-2022-29095"
}
]
},
"id": "VAR-202206-1313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420629"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:10:43.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SupportAssist Client Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196745"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1031"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "CWE-16",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"db": "NVD",
"id": "CVE-2022-29095"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dell.com/support/kbdoc/en-us/000200456/dsa-2022-139-dell-supportassist-for-home-pcs-and-business-pcs-security-update-for-multiple-security-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29095"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29095/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1031"
},
{
"db": "NVD",
"id": "CVE-2022-29095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-420629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1031"
},
{
"db": "NVD",
"id": "CVE-2022-29095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-420629"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1031"
},
{
"date": "2022-06-10T20:15:08.473000",
"db": "NVD",
"id": "CVE-2022-29095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-420629"
},
{
"date": "2023-08-21T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2022-011342"
},
{
"date": "2022-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1031"
},
{
"date": "2024-11-21T06:58:28.460000",
"db": "NVD",
"id": "CVE-2022-29095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 and \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1031"
}
],
"trust": 0.6
}
}
var-202302-0830
Vulnerability from variot
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0830",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.0"
},
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.11.4"
},
{
"model": "dell supportassist for home pcs",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "3.11.4 and earlier"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"db": "NVD",
"id": "CVE-2022-34387"
}
]
},
"cve": "CVE-2022-34387",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-34387",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2022-34387",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34387",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34387",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34387",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-34387",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-766",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-766"
},
{
"db": "NVD",
"id": "CVE-2022-34387"
},
{
"db": "NVD",
"id": "CVE-2022-34387"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\n\n\nDell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34387"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"db": "VULHUB",
"id": "VHN-426703"
},
{
"db": "VULMON",
"id": "CVE-2022-34387"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34387",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013908",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-766",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426703",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34387",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426703"
},
{
"db": "VULMON",
"id": "CVE-2022-34387"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-766"
},
{
"db": "NVD",
"id": "CVE-2022-34387"
}
]
},
"id": "VAR-202302-0830",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426703"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:32:18.270000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-190",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"title": "Dell SupportAssist for Home PCs Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226222"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-34387 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34387"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-766"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.1
},
{
"problemtype": "CWE-377",
"trust": 1.0
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426703"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"db": "NVD",
"id": "CVE-2022-34387"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34387"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34387/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426703"
},
{
"db": "VULMON",
"id": "CVE-2022-34387"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-766"
},
{
"db": "NVD",
"id": "CVE-2022-34387"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426703"
},
{
"db": "VULMON",
"id": "CVE-2022-34387"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-766"
},
{
"db": "NVD",
"id": "CVE-2022-34387"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426703"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34387"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"date": "2023-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-766"
},
{
"date": "2023-02-11T01:23:24.097000",
"db": "NVD",
"id": "CVE-2022-34387"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-426703"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34387"
},
{
"date": "2023-09-13T07:55:00",
"db": "JVNDB",
"id": "JVNDB-2022-013908"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-766"
},
{
"date": "2023-11-07T03:48:35.113000",
"db": "NVD",
"id": "CVE-2022-34387"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-766"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 and \u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 Vulnerability in leaking resources to the wrong area in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013908"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-766"
}
],
"trust": 0.6
}
}
var-201906-0576
Vulnerability from variot
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. PC-Doctor Toolbox Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PC-Doctor for Windows is prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. PC-Doctor Toolbox is a hardware diagnostic and system information monitoring tool developed by PC-Doctor Toolbox in the United States. A security vulnerability exists in PC-Doctor Toolbox versions prior to 7.3. Full Disclosure
I. VULNERABILITY
Uncontrolled search path element vulnerability in PC-Doctor Toolbox prior to version 7.3 allows local users to gain privileges and conduct DLL hijacking attacks via a trojan horse DLL located in an unsecured directory which has been added to the PATH environment variable.
II. CVE REFERENCE
CVE-2019-12280
III. VENDOR
PC-Doctor, Inc.
IV. Affected Products
PC-Doctor Toolbox for Windows
Also re-branded as:
CORSAIR ONE Diagnostics CORSAIR Diagnostics Staples EasyTech Diagnostics Tobii I-Series Diagnostic Tool Tobii Dynavox Diagnostic Tool
V. TIMELINE
May 03, 2019 Vulnerability reported to PC-Doctor, Inc.
May 04, 2019 Vulnerability confirmed by PC-Doctor, Inc.
May 17, 2019 PC-Doctor, Inc. identified additional attack vectors in third party dependencies.
June 11, 2019 PC-Doctor Toolbox for Windows 7.3 released to OEM customers for testing.
June 12, 2019 PC-Doctor Toolbox for Windows 7.3 released to retail end-users.
June 19, 2019 Disclosure published.
VI. CREDIT
Peleg Hadar from SafeBreach, Inc.
VII. SOLUTION
Upgrade to version 7.3 of PC-Doctor Toolbox (or re-branded products)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0576",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "toolbox",
"scope": "lt",
"trust": 1.8,
"vendor": "pc doctor",
"version": "7.3"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.2"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.1"
},
{
"model": "supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "pc-doctor for window",
"scope": "eq",
"trust": 0.3,
"vendor": "pc doctor",
"version": "0"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.2.1"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.0"
},
{
"model": "supportassist for home pcs",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.2.2"
},
{
"model": "supportassist for business pcs",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "108880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"db": "NVD",
"id": "CVE-2019-12280"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:pc-doctor:toolbox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:dell:supportassist_for_business_pcs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Peleg Hadar",
"sources": [
{
"db": "BID",
"id": "108880"
},
{
"db": "PACKETSTORM",
"id": "153374"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-931"
}
],
"trust": 1.0
},
"cve": "CVE-2019-12280",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-12280",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-144011",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-12280",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-12280",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-12280",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-931",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-144011",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144011"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-931"
},
{
"db": "NVD",
"id": "CVE-2019-12280"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. PC-Doctor Toolbox Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PC-Doctor for Windows is prone to an arbitrary code-execution vulnerability. \nAn attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. PC-Doctor Toolbox is a hardware diagnostic and system information monitoring tool developed by PC-Doctor Toolbox in the United States. A security vulnerability exists in PC-Doctor Toolbox versions prior to 7.3. Full Disclosure\n\nI. VULNERABILITY\n-------------------------\nUncontrolled search path element vulnerability in PC-Doctor Toolbox prior\nto version 7.3 allows local users to gain privileges and conduct DLL\nhijacking attacks via a trojan horse DLL located in an unsecured directory\nwhich has been added to the PATH environment variable. \n\n \n\nII. CVE REFERENCE\n-------------------------\nCVE-2019-12280\n\n \n\nIII. VENDOR\n-------------------------\nPC-Doctor, Inc. \n\n \n\nIV. Affected Products\n\n-------------------------\n\nPC-Doctor Toolbox for Windows\n\nAlso re-branded as:\n\n CORSAIR ONE Diagnostics\n CORSAIR Diagnostics\n Staples EasyTech Diagnostics\n Tobii I-Series Diagnostic Tool\n Tobii Dynavox Diagnostic Tool\n\n \n\nV. TIMELINE\n-------------------------\nMay 03, 2019 Vulnerability reported to PC-Doctor, Inc. \n\nMay 04, 2019 Vulnerability confirmed by PC-Doctor, Inc. \n\nMay 17, 2019 PC-Doctor, Inc. identified additional attack vectors in third\nparty dependencies. \n\nJune 11, 2019 PC-Doctor Toolbox for Windows 7.3 released to OEM customers\nfor testing. \n\nJune 12, 2019 PC-Doctor Toolbox for Windows 7.3 released to retail\nend-users. \n\nJune 19, 2019 Disclosure published. \n\n \n\nVI. CREDIT\n-------------------------\nPeleg Hadar from SafeBreach, Inc. \n\n \n\nVII. SOLUTION\n-------------------------\nUpgrade to version 7.3 of PC-Doctor Toolbox (or re-branded products)\n\n \n\n \n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12280"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"db": "BID",
"id": "108880"
},
{
"db": "VULHUB",
"id": "VHN-144011"
},
{
"db": "PACKETSTORM",
"id": "153374"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-144011",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144011"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12280",
"trust": 2.9
},
{
"db": "BID",
"id": "108880",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "153374",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005720",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-931",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-144011",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144011"
},
{
"db": "BID",
"id": "108880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"db": "PACKETSTORM",
"id": "153374"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-931"
},
{
"db": "NVD",
"id": "CVE-2019-12280"
}
]
},
"id": "VAR-201906-0576",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-144011"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:33:50.709000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PC-Doctor Responds to Software Vulnerability Report",
"trust": 0.8,
"url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
},
{
"title": "DSA-2019-084",
"trust": 0.8,
"url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
},
{
"title": "PC-Doctor Toolbox Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94061"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-931"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144011"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"db": "NVD",
"id": "CVE-2019-12280"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://seclists.org/fulldisclosure/2019/jun/29"
},
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/dell-releases-security-advisory-dell-supportassist"
},
{
"trust": 2.0,
"url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/108880"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/153374/pc-doctor-toolbox-dll-hijacking.html"
},
{
"trust": 1.7,
"url": "https://safebreach.com/press-post/safebreach-identifies-serious-vulnerability-in-pc-doctor-software"
},
{
"trust": 1.7,
"url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12280"
},
{
"trust": 0.9,
"url": "https://safebreach.com/post/oem-software-puts-multiple-laptops-at-risk"
},
{
"trust": 0.9,
"url": "https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12280"
},
{
"trust": 0.3,
"url": "http://www.pc-doctor.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144011"
},
{
"db": "BID",
"id": "108880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"db": "PACKETSTORM",
"id": "153374"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-931"
},
{
"db": "NVD",
"id": "CVE-2019-12280"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-144011"
},
{
"db": "BID",
"id": "108880"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"db": "PACKETSTORM",
"id": "153374"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-931"
},
{
"db": "NVD",
"id": "CVE-2019-12280"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-144011"
},
{
"date": "2019-06-20T00:00:00",
"db": "BID",
"id": "108880"
},
{
"date": "2019-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"date": "2019-06-20T13:33:33",
"db": "PACKETSTORM",
"id": "153374"
},
{
"date": "2019-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-931"
},
{
"date": "2019-06-25T21:15:09.733000",
"db": "NVD",
"id": "CVE-2019-12280"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-26T00:00:00",
"db": "VULHUB",
"id": "VHN-144011"
},
{
"date": "2019-06-20T00:00:00",
"db": "BID",
"id": "108880"
},
{
"date": "2019-06-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005720"
},
{
"date": "2019-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-931"
},
{
"date": "2024-11-21T04:22:33.390000",
"db": "NVD",
"id": "CVE-2019-12280"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "108880"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-931"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PC-Doctor Toolbox Vulnerabilities in uncontrolled search path elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005720"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-931"
}
],
"trust": 0.6
}
}
var-201906-0187
Vulnerability from variot
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine. in the United States. The program provides automated, proactive and predictive techniques for troubleshooting and more. The program provides automated, proactive and predictive techniques for troubleshooting and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "2.0"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "2.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "2.2.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "2.2.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "2.2.3"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "3.0"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "3.0.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "3.0.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "3.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.8,
"vendor": "dell",
"version": "3.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"db": "NVD",
"id": "CVE-2019-3735"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:dell:supportassist_for_business_pcs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:dell:supportassist_for_home_pcs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
}
]
},
"cve": "CVE-2019-3735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3735",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-155170",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-3735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2019-3735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3735",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3735",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3735",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3735",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-850",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155170",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-850"
},
{
"db": "NVD",
"id": "CVE-2019-3735"
},
{
"db": "NVD",
"id": "CVE-2019-3735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine. in the United States. The program provides automated, proactive and predictive techniques for troubleshooting and more. The program provides automated, proactive and predictive techniques for troubleshooting and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3735"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"db": "VULHUB",
"id": "VHN-155170"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3735",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005704",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-850",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155170",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-850"
},
{
"db": "NVD",
"id": "CVE-2019-3735"
}
]
},
"id": "VAR-201906-0187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155170"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:16:59.587000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-088",
"trust": 0.8,
"url": "http://www.dell.com/support/article/sln317453"
},
{
"title": "Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93992"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-850"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"db": "NVD",
"id": "CVE-2019-3735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.dell.com/support/article/sln317453"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3735"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3735"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-850"
},
{
"db": "NVD",
"id": "CVE-2019-3735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155170"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-850"
},
{
"db": "NVD",
"id": "CVE-2019-3735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-155170"
},
{
"date": "2019-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"date": "2019-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-850"
},
{
"date": "2019-06-20T22:15:11.117000",
"db": "NVD",
"id": "CVE-2019-3735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-155170"
},
{
"date": "2019-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005704"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-850"
},
{
"date": "2024-11-21T04:42:25.920000",
"db": "NVD",
"id": "CVE-2019-3735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-850"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005704"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-850"
}
],
"trust": 0.6
}
}
var-202302-0636
Vulnerability from variot
Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0636",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.0"
},
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.11.4"
},
{
"model": "dell supportassist for home pcs",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "3.11.4 and earlier"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"db": "NVD",
"id": "CVE-2022-34386"
}
]
},
"cve": "CVE-2022-34386",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-34386",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-013909",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34386",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34386",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2022-013909",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-770",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-770"
},
{
"db": "NVD",
"id": "CVE-2022-34386"
},
{
"db": "NVD",
"id": "CVE-2022-34386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34386"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"db": "VULHUB",
"id": "VHN-426702"
},
{
"db": "VULMON",
"id": "CVE-2022-34386"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34386",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013909",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-770",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426702",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34386",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426702"
},
{
"db": "VULMON",
"id": "CVE-2022-34386"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-770"
},
{
"db": "NVD",
"id": "CVE-2022-34386"
}
]
},
"id": "VAR-202302-0636",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426702"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:11:02.405000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-190",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"title": "Dell SupportAssist for Home PCs Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226226"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-34386 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34386"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-770"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-321",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426702"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"db": "NVD",
"id": "CVE-2022-34386"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34386"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34386/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426702"
},
{
"db": "VULMON",
"id": "CVE-2022-34386"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-770"
},
{
"db": "NVD",
"id": "CVE-2022-34386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426702"
},
{
"db": "VULMON",
"id": "CVE-2022-34386"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-770"
},
{
"db": "NVD",
"id": "CVE-2022-34386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426702"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34386"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"date": "2023-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-770"
},
{
"date": "2023-02-11T01:23:24.010000",
"db": "NVD",
"id": "CVE-2022-34386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-426702"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34386"
},
{
"date": "2023-09-13T07:59:00",
"db": "JVNDB",
"id": "JVNDB-2022-013909"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-770"
},
{
"date": "2023-11-07T03:48:35.037000",
"db": "NVD",
"id": "CVE-2022-34386"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-770"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 and \u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 Vulnerability in using hard-coded credentials in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013909"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-770"
}
],
"trust": 0.6
}
}
var-202103-0628
Vulnerability from variot
Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. plural Dell SupportAssist Client The product contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DELL Dell SupportAssist Client is a client application of Dell (DELL). The program provides automated, proactive and predictive techniques for troubleshooting and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0628",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.4.0"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.2.0"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.3.3"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.0"
},
{
"model": "supportassist client promanage",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "1.0"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.7.0"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.6.0"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.0"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist client promanage",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"db": "NVD",
"id": "CVE-2021-21518"
}
]
},
"cve": "CVE-2021-21518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-21518",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-379922",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-21518",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-004483",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-21518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2021-21518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-21518",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-888",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-379922",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379922"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-888"
},
{
"db": "NVD",
"id": "CVE-2021-21518"
},
{
"db": "NVD",
"id": "CVE-2021-21518"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. plural Dell SupportAssist Client The product contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. DELL Dell SupportAssist Client is a client application of Dell (DELL). The program provides automated, proactive and predictive techniques for troubleshooting and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21518"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"db": "VULHUB",
"id": "VHN-379922"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21518",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004483",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-888",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-83203",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-379922",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379922"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-888"
},
{
"db": "NVD",
"id": "CVE-2021-21518"
}
]
},
"id": "VAR-202103-0628",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-379922"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:11:07.317000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2021-052",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability"
},
{
"title": "Dell SupportAssist Client Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144312"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-888"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379922"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"db": "NVD",
"id": "CVE-2021-21518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/en-us/000184012/dsa-2021-052-dell-supportassist-for-home-pcs-business-pcs-security-update-for-pc-doctor-plugin-vulnerability"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21518"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379922"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-888"
},
{
"db": "NVD",
"id": "CVE-2021-21518"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-379922"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-888"
},
{
"db": "NVD",
"id": "CVE-2021-21518"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-379922"
},
{
"date": "2021-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"date": "2021-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-888"
},
{
"date": "2021-03-12T20:15:11.420000",
"db": "NVD",
"id": "CVE-2021-21518"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-379922"
},
{
"date": "2021-11-22T09:10:00",
"db": "JVNDB",
"id": "JVNDB-2021-004483"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-888"
},
{
"date": "2024-11-21T05:48:31.083000",
"db": "NVD",
"id": "CVE-2021-21518"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-888"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dell\u00a0SupportAssist\u00a0Client\u00a0 Vulnerability in uncontrolled search path elements in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004483"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-888"
}
],
"trust": 0.6
}
}
var-202107-0412
Vulnerability from variot
Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. (DoS) It may be in a state. The program provides automated, proactive and predictive techniques for troubleshooting and more. The program provides automated, proactive and predictive techniques for troubleshooting and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0412",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.3.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.2.3"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.2"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.3"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.2.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.3"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.1"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.3"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.2.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.3.3"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.4"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.1.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.2"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.1"
},
{
"model": "supportassist for business pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "2.0.1"
},
{
"model": "supportassist for home pcs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.3.2"
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"db": "NVD",
"id": "CVE-2020-5316"
}
]
},
"cve": "CVE-2020-5316",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-5316",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-183441",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-5316",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-010124",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5316",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-5316",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-5316",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1734",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-183441",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183441"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1734"
},
{
"db": "NVD",
"id": "CVE-2020-5316"
},
{
"db": "NVD",
"id": "CVE-2020-5316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. (DoS) It may be in a state. The program provides automated, proactive and predictive techniques for troubleshooting and more. The program provides automated, proactive and predictive techniques for troubleshooting and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"db": "VULHUB",
"id": "VHN-183441"
},
{
"db": "VULMON",
"id": "CVE-2020-5316"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5316",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010124",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1734",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-04706",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-183441",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-5316",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183441"
},
{
"db": "VULMON",
"id": "CVE-2020-5316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1734"
},
{
"db": "NVD",
"id": "CVE-2020-5316"
}
]
},
"id": "VAR-202107-0412",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183441"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:27:43.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-005",
"trust": 0.8,
"url": "http://www.dell.com/support/article/SLN320101"
},
{
"title": "DELL Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157450"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2020/02/11/dell_supportassist_flaw/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/dell-patches-supportassist-flaw-that-allows-arbitrary-code-execution/152771/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-5316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1734"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183441"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"db": "NVD",
"id": "CVE-2020-5316"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.dell.com/support/article/sln320101"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5316"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/dell-patches-supportassist-flaw-that-allows-arbitrary-code-execution/152771/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183441"
},
{
"db": "VULMON",
"id": "CVE-2020-5316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1734"
},
{
"db": "NVD",
"id": "CVE-2020-5316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183441"
},
{
"db": "VULMON",
"id": "CVE-2020-5316"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1734"
},
{
"db": "NVD",
"id": "CVE-2020-5316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-183441"
},
{
"date": "2021-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5316"
},
{
"date": "2022-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"date": "2021-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1734"
},
{
"date": "2021-07-22T17:15:08.417000",
"db": "NVD",
"id": "CVE-2020-5316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-183441"
},
{
"date": "2021-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-5316"
},
{
"date": "2022-06-22T02:01:00",
"db": "JVNDB",
"id": "JVNDB-2021-010124"
},
{
"date": "2021-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1734"
},
{
"date": "2021-08-02T15:15:46.337000",
"db": "NVD",
"id": "CVE-2020-5316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1734"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0SupportAssist\u00a0for\u00a0Business\u00a0PCs\u00a0 and \u00a0Dell\u00a0SupportAssist\u00a0for\u00a0Home\u00a0PCs\u00a0 Vulnerability regarding uncontrolled search path elements in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010124"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1734"
}
],
"trust": 0.6
}
}
var-202302-0812
Vulnerability from variot
Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. plural Dell The product contains a vulnerability in permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0812",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for home pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.11.2"
},
{
"model": "update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.0"
},
{
"model": "command update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.0"
},
{
"model": "alienware update",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "4.5.0"
},
{
"model": "supportassist for business pcs",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.2.0"
},
{
"model": "update",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "alienware 4.5"
},
{
"model": "alienware update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "update",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "dell comm 4.5"
},
{
"model": "update",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "4.5"
},
{
"model": "dell command update",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"cve": "CVE-2022-34384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-34384",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-014045",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34384",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34384",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-014045",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-768",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. plural Dell The product contains a vulnerability in permission management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "VULMON",
"id": "CVE-2022-34384"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34384",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426700",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34384",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"id": "VAR-202302-0812",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426700"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:03.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-190",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000204114/dsa-2022-190-dell-supportassist-for-home-and-business-pcs-security-update-for-multiple-proprietary-code-vulnerabilities"
},
{
"title": "Dell SupportAssist Client Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=226224"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-34384 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-250",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34384"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34384/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426700"
},
{
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
},
{
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426700"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"date": "2023-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"date": "2023-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-768"
},
{
"date": "2023-02-11T01:23:23.793000",
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-426700"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34384"
},
{
"date": "2023-09-14T01:24:00",
"db": "JVNDB",
"id": "JVNDB-2022-014045"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-768"
},
{
"date": "2023-11-07T03:48:34.883000",
"db": "NVD",
"id": "CVE-2022-34384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dell\u00a0 Product permission management vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014045"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-768"
}
],
"trust": 0.6
}
}
var-202302-0637
Vulnerability from variot
Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. Dell SupportAssist Is vulnerable to improper restrictions on excessive authentication attempts.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0637",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "supportassist for home pcs",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "3.12.3"
},
{
"model": "supportassist for business pcs",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "3.3.0"
},
{
"model": "dell supportassist for home pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "dell supportassist for business pcs",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"db": "NVD",
"id": "CVE-2022-34389"
}
]
},
"cve": "CVE-2022-34389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2022-34389",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2022-34389",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-34389",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34389",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34389",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2022-34389",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-764",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-764"
},
{
"db": "NVD",
"id": "CVE-2022-34389"
},
{
"db": "NVD",
"id": "CVE-2022-34389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nDell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician. Dell SupportAssist Is vulnerable to improper restrictions on excessive authentication attempts.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34389"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"db": "VULHUB",
"id": "VHN-426705"
},
{
"db": "VULMON",
"id": "CVE-2022-34389"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34389",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-764",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426705",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-34389",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426705"
},
{
"db": "VULMON",
"id": "CVE-2022-34389"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-764"
},
{
"db": "NVD",
"id": "CVE-2022-34389"
}
]
},
"id": "VAR-202302-0637",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426705"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:17:24.516000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2022-190",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-34389 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-34389"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.1
},
{
"problemtype": "Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426705"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"db": "NVD",
"id": "CVE-2022-34389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000204114"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34389"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34389/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-34389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426705"
},
{
"db": "VULMON",
"id": "CVE-2022-34389"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-764"
},
{
"db": "NVD",
"id": "CVE-2022-34389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426705"
},
{
"db": "VULMON",
"id": "CVE-2022-34389"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-764"
},
{
"db": "NVD",
"id": "CVE-2022-34389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-426705"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34389"
},
{
"date": "2023-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"date": "2023-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-764"
},
{
"date": "2023-02-11T01:23:24.267000",
"db": "NVD",
"id": "CVE-2022-34389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-426705"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34389"
},
{
"date": "2023-09-13T07:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-013906"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-764"
},
{
"date": "2023-11-07T03:48:35.277000",
"db": "NVD",
"id": "CVE-2022-34389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-764"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0SupportAssist\u00a0 Vulnerability in improperly limiting excessive authentication attempts in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-764"
}
],
"trust": 0.6
}
}
cve-2024-52535
Vulnerability from cvelistv5
Published
2024-12-25 14:41
Modified
2024-12-26 18:11
Severity ?
EPSS score ?
Summary
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Dell | SupportAssist for Home PCs |
Version: N/A ≤ |
||||
|
|||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-26T18:11:12.366323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-26T18:11:19.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SupportAssist for Home PCs",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.6.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SupportAssist for Business PCs",
"vendor": "Dell",
"versions": [
{
"lessThan": "4.5.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank mdanilor for reporting this issue."
}
],
"datePublic": "2024-12-23T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system."
}
],
"value": "Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-25T14:41:36.996Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000261086/dsa-2024-470-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-52535",
"datePublished": "2024-12-25T14:41:36.996Z",
"dateReserved": "2024-11-12T06:04:07.775Z",
"dateUpdated": "2024-12-26T18:11:19.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44283
Vulnerability from cvelistv5
Published
2024-02-14 07:49
Modified
2024-08-14 18:49
Severity ?
EPSS score ?
Summary
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Dell | SupportAssist for Home PCs |
Version: 0 ≤ 3.14.1 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "supportassist_for_home_pcs",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "3.14.1",
"status": "affected",
"version": "3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "supportassist_for_business_pcs",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "3.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:46:49.835695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:49:25.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SupportAssist for Home PCs",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "3.14.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SupportAssist for Business PCs",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nIn Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T07:49:13.074Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219086/dsa-2023-401-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-user-interface-component"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-44283",
"datePublished": "2024-02-14T07:49:13.074Z",
"dateReserved": "2023-09-28T09:25:45.714Z",
"dateUpdated": "2024-08-14T18:49:25.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}