Remote Code Execution Vulnerability in Dell SupportAssist Client
CVE-2019-3719

7.1HIGH

Key Information:

Vendor: Dell
Status: Supportassist Client
Vendor: CVE Published:; 18 April 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Dell SupportAssist Client versions earlier than 3.2.0.90 possess a remote code execution vulnerability that allows unauthenticated attackers within the same network to exploit affected systems. By manipulating users into downloading and running malicious executables from compromised sources, attackers can compromise the system's integrity and security. It's crucial for users to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

SupportAssist Client < 3.2.0.90

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-3719
Created by jiansiting

References

https://www.dell.com/support/article/us/en/19/sln316857/d...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
May 1, 2019
👾
Exploit known to exist
May 1, 2019
Vulnerability published
Apr 18, 2019
Vulnerability Reserved
Jan 3, 2019

Credit

Dell would like to thank Bill Demirkapi for reporting CVE-2019-3719.