Vulnerabilities > CVE-2022-34389 - Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dell

CWE-307

NVD

Published: 2023-02-11

Updated: 2024-11-21

Summary

Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Supportassist FOR Home PCS - Dell Supportassist FOR Home PCS 2.0 Dell Supportassist FOR Home PCS 2.0.1 Dell Supportassist FOR Home PCS 2.0.2 Dell Supportassist FOR Home PCS 2.1 Dell Supportassist FOR Home PCS 2.1.1 Dell Supportassist FOR Home PCS 2.1.2 Dell Supportassist FOR Home PCS 2.1.3 Dell Supportassist FOR Home PCS 2.2 Dell Supportassist FOR Home PCS 2.2.1 Dell Supportassist FOR Home PCS 2.2.2 Dell Supportassist FOR Home PCS 2.2.3 Dell Supportassist FOR Home PCS 3.0 Dell Supportassist FOR Home PCS 3.0.1 Dell Supportassist FOR Home PCS 3.0.2 Dell Supportassist FOR Home PCS 3.1 Dell Supportassist FOR Home PCS 3.2 Dell Supportassist FOR Home PCS 3.2.1 Dell Supportassist FOR Home PCS 3.2.2 Dell Supportassist FOR Home PCS 3.3 Dell Supportassist FOR Home PCS 3.3.1 Dell Supportassist FOR Home PCS 3.3.2 Dell Supportassist FOR Home PCS 3.3.3 Dell Supportassist FOR Home PCS 3.4 Dell Supportassist FOR Home PCS 3.4.0 Dell Supportassist FOR Home PCS 3.5.0 Dell Supportassist FOR Home PCS 3.6.0 Dell Supportassist FOR Home PCS 3.7.0 Dell Supportassist FOR Home PCS 3.8.0 Dell Supportassist FOR Home PCS 3.9.0 Dell Supportassist FOR Home PCS 3.10.4 Dell Supportassist FOR Home PCS 3.11.2 Dell Supportassist FOR Home PCS 3.11.4 Dell Supportassist FOR Business PCS 2.0 Dell Supportassist FOR Business PCS 2.0.0 Dell Supportassist FOR Business PCS 2.0.1 Dell Supportassist FOR Business PCS 2.0.2 Dell Supportassist FOR Business PCS 2.1 Dell Supportassist FOR Business PCS 2.1.0 Dell Supportassist FOR Business PCS 2.1.1 Dell Supportassist FOR Business PCS 2.1.2 Dell Supportassist FOR Business PCS 2.1.3 Dell Supportassist FOR Business PCS 2.2.0 Dell Supportassist FOR Business PCS 3.1.1 Dell Supportassist FOR Business PCS 3.2.0	45

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References