CVE-2019-3719

Published: 18/04/2019 Updated: 09/10/2019
CVSS v2 Base Score: 7.9 | Impact Score: 10 | Exploitability Score: 5.5
CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1
VMScore: 704
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Dell SupportAssist Client versions before 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

Affected Products

Vendor | Product | Versions
Dell | Supportassist | -

Github Repositories

Dell SupportAssist RCE Proof of Concept. This is the proof of concept source code for CVE-2019-3719, a vulnerability in most of all Dell machines that allowed for remote code execution. Usage: python3 main.py [Interface Name] [Victim IP] [Gateway IP] [Payload Filename]

Dell SupportAssist RCE Proof of Concept. This is the proof of concept source code for CVE-2019-3719, a vulnerability in most of all Dell machines that allowed for remote code execution. See the blog post here. Usage: python3 main.py [Interface Name] [Victim IP] [Gateway IP] [Payload Filename]

Recent Articles

Windows PCs Exposed to Attacks by Critical HP Support Assistant Bugs
BleepingComputer • Sergiu Gatlan • 04 Apr 2020

Several critical HP Support Assistant vulnerabilities expose Windows computers to remote code execution attacks and could allow attackers to elevate their privileges or to delete arbitrary files following successful exploitation.
HP Support Assistant, marketed by HP as a "free self-help tool," is pre-installed on new HP desktops and notebooks, and it is designed to deliver automated support, updates, and fixes to HP PCs and printers.
"Improve the performance and reliability of your...

Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool
The Register • Laurie Clarke • 11 Feb 2020

If you don't have auto-update switched on, time to patch

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges.
The company has issued an advisory about the flaw, warning that a locally authenticated low-privilege user could exploit the vuln to load arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of malware.
SupportAssist scans t...

Dell Computers Exposed to RCE Attacks by SupportAssist Flaws
BleepingComputer • Sergiu Gatlan • 01 May 2019

Dell issued a security update to patch a SupportAssist Client software vulnerability which allows potential unauthenticated attackers on the same Network Access layer to remotely execute arbitrary executables on vulnerable computers.
According to Dell's website, the SupportAssist software is "preinstalled on most of all new Dell devices running Windows operating system" and it "proactively checks the health of your system’s hardware and software. When an issue is detected, the necessar...