CVE-2019-3719

7.1HIGH

Key Information:

Vendor: Dell
Status: Supportassist Client
Vendor: CVE Published:; 18 April 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

Affected Version(s)

SupportAssist Client < 3.2.0.90

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-3719
Created by jiansiting

References

https://www.dell.com/support/article/us/en/19/sln316857/d...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
May 1, 2019
👾
Exploit known to exist
May 1, 2019
Vulnerability published
Apr 18, 2019
Vulnerability Reserved
Jan 3, 2019

Credit

Dell would like to thank Bill Demirkapi for reporting CVE-2019-3719.