CVE-2019-3718

7.6HIGH

Key Information:

Vendor: Dell
Status: Supportassist Client
Vendor: CVE Published:; 18 April 2019

Summary

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

Affected Version(s)

SupportAssist Client < 3.2.0.90

References

https://www.dell.com/support/article/us/en/19/sln316857/d...

x_refsource_MISC

http://www.securityfocus.com/bid/108020

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2019
Vulnerability Reserved
Jan 3, 2019

Credit

Dell would like to thank John C. Hennessy-ReCar for reporting CVE-2019-3718.