History: Feb 10, 2023 - 8:23 p.m.

CVE-2022-34389

2023-02-10 20:23:06
CWE-307
dell
www.cve.org
dell supportassist
rate limit bypass
screenmeet api
unauthenticated attacker
dell customer
support technician

CVSS3: 3.7 Low

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 23.0%)

Dell SupportAssist contains a rate limit bypass issue in the ScreenMeet API third-party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a Dell support technician.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SupportAssist ",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "3.11.1, 3.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
