CVE-2022-34392 in SupportAssist for Home PCsinfo

Summary

by MITRE • 02/11/2023

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 05/05/2026

The vulnerability identified as CVE-2022-34392 affects SupportAssist for Home PCs versions 3.11.4 and earlier, representing a critical session management flaw that undermines the security posture of the application. This issue stems from inadequate session expiration mechanisms that fail to properly invalidate authentication tokens upon user logout or session timeout, creating a persistent security risk for authenticated users who lack administrative privileges. The vulnerability manifests when non-administrative users can obtain refresh tokens through legitimate application interactions, which then enables them to extend their access beyond normal session boundaries.

The technical implementation flaw lies in the application's token management system where refresh tokens are not properly secured or invalidated when users should be logged out of the system. This weakness allows attackers to leverage legitimate session tokens to maintain persistent access to sensitive data and functionality within the application. The vulnerability is classified under CWE-613 as insufficient session expiration, which directly relates to the improper handling of authentication state management. When an authenticated user with non-admin privileges accesses the application, they can potentially extract refresh tokens that should normally be destroyed upon session termination, enabling them to generate new access tokens without re-authentication.

The operational impact of this vulnerability extends beyond simple unauthorized access, as it enables privilege escalation through session reuse attacks that can lead to data exfiltration and unauthorized system manipulation. Attackers can exploit this weakness to maintain long-term access to the application's functionality, potentially gaining access to sensitive personal information, system configurations, or other confidential data that would normally be restricted to authorized administrative users. This vulnerability specifically targets the authentication and authorization mechanisms of SupportAssist for Home PCs, creating a persistent backdoor that can be exploited for extended periods without detection, making it particularly dangerous in environments where home users may not regularly update their security software.

Organizations and users should immediately update to the latest version of SupportAssist for Home PCs to address this vulnerability, as the lack of proper session expiration creates a window of opportunity for attackers to maintain unauthorized access. The recommended mitigation strategy involves implementing proper session management protocols that include automatic token invalidation upon logout, enforcing strict session timeout policies, and ensuring that refresh tokens are securely stored and destroyed when sessions terminate. Security teams should also consider implementing additional monitoring controls to detect unusual access patterns or token reuse activities that could indicate exploitation of this vulnerability. This issue aligns with ATT&CK technique T1566 which involves credential access through session hijacking and token reuse, highlighting the importance of robust session management as a fundamental security control that must be properly implemented across all authentication systems.

Responsible

Dell

Reservation

06/23/2022

Disclosure

02/11/2023

Moderation

accepted

CPE

ready

EPSS

0.00164

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!