Home > Cyber News > CVE-2019-3719: Dangerous Bug in Dell’s SupportAssist Client Software
CYBER NEWS

CVE-2019-3719: Dangerous Bug in Dell’s SupportAssist Client Software

CVE-2019-3719 is an RCE vulnerability in Dell’s SupportAssist Client software. The bug could allow remote unauthenticated attackers on the same Network Access layer to execute arbitrary code on vulnerable Dell machines.




Here’s the official description of CVE-2019-3719:

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

More about Dell’s SupportAssist Client Software

As explained by the company, the software comes preinstalled on almost all new Dell devices which run Windows operating system. The purpose of the software is to check the health of the user’s system hardware and software. “When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin,” Dell says.

CVE-2019-3719 Exlplained

As for the bug found within SupportAssist Client Software, its rating defines its high severity – a CVSSv3 base score of 8.0. Considering that most modern Dell devices are at risk, this severity score is not surprising. It should be noted that the bug in the software is now patched. The bug itself was reported by a 17-year old security researcher Bill Demirkapi on October 10 last year.

CVE-2019-3719 is not the only vulnerability Dell recently patched. The company also addressed an improper origin validation bug in the SupportAssist Client software. The bug is tracked under CVE-2019-3718 and was reported by security researcher John C. Hennessy-ReCar. This bug also has a high severity CVSS v3.0 rating of 8.8.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree