CVE-2019-3735

7HIGH

Key Information:

Vendor: Dell
Status: Dell Supportassist For Business Pcs; Dell Supportassist For Home Pcs
Vendor: CVE Published:; 20 June 2019

Summary

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Affected Version(s)

Dell SupportAssist for Business PCs 2.0

Dell SupportAssist for Home PCs 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1

References

http://www.dell.com/support/article/sln317453

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2019
Vulnerability Reserved
Jan 3, 2019

Credit

Dell would like to thank Bill Demirkapi for reporting this vulnerability.