Improper Origin Validation in Dell SupportAssist Client
CVE-2019-3718

7.6HIGH

Key Information:

Vendor: Dell
Status: Supportassist Client
Vendor: CVE Published:; 18 April 2019

Summary

Dell SupportAssist Client versions before 3.2.0.90 are susceptible to a vulnerability due to improper origin validation. This flaw could allow unauthenticated remote attackers to execute Cross-Site Request Forgery (CSRF) attacks targeted at users of the affected systems. Attackers could exploit this vulnerability to perform unauthorized actions, potentially compromising user data and system integrity.

Affected Version(s)

SupportAssist Client < 3.2.0.90

References

https://www.dell.com/support/article/us/en/19/sln316857/d...

x_refsource_MISC

http://www.securityfocus.com/bid/108020

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2019
Vulnerability Reserved
Jan 3, 2019

Credit

Dell would like to thank John C. Hennessy-ReCar for reporting CVE-2019-3718.