CVE-2019-3719: Dangerous Bug in Dell’s SupportAssist Client Software
CYBER NEWS

CVE-2019-3719: Dangerous Bug in Dell’s SupportAssist Client Software

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

CVE-2019-3719 is an RCE vulnerability in Dell’s SupportAssist Client software. The bug could allow remote unauthenticated attackers on the same Network Access layer to execute arbitrary code on vulnerable Dell machines.




Here’s the official description of CVE-2019-3719:

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

More about Dell’s SupportAssist Client Software

As explained by the company, the software comes preinstalled on almost all new Dell devices which run Windows operating system. The purpose of the software is to check the health of the user’s system hardware and software. “When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin,” Dell says.

Related: Pre-Installed Dell Software Flaws Could Disable Security Mechanisms.

CVE-2019-3719 Exlplained

As for the bug found within SupportAssist Client Software, its rating defines its high severity – a CVSSv3 base score of 8.0. Considering that most modern Dell devices are at risk, this severity score is not surprising. It should be noted that the bug in the software is now patched. The bug itself was reported by a 17-year old security researcher Bill Demirkapi on October 10 last year.

CVE-2019-3719 is not the only vulnerability Dell recently patched. The company also addressed an improper origin validation bug in the SupportAssist Client software. The bug is tracked under CVE-2019-3718 and was reported by security researcher John C. Hennessy-ReCar. This bug also has a high severity CVSS v3.0 rating of 8.8.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...