Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
704
VMScore

CVE-2019-3719

Published: 18/04/2019 Updated: 01/01/2022
CVSS v2 Base Score: 7.9 | Impact Score: 10 | Exploitability Score: 5.5
CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1
VMScore: 704
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Dell

Vulnerability Summary

Dell SupportAssist Client versions before 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dell supportassist

Github Repositories

https://github.com/D4stiny/Dell-Support-Assist-RCE-PoC

Dell SupportAssist RCE Proof of Concept This is the proof of concept source code for CVE-2019-3719, a vulnerability in most of all Dell machines that allowed for remote code execution See the blog post here Usage python3 mainpy [Interface Name] [Victim IP] [Gateway IP] [Payload Filename]

https://github.com/jiansiting/CVE-2010-3719

Dell SupportAssist RCE Proof of Concept This is the proof of concept source code for CVE-2019-3719, a vulnerability in most of all Dell machines that allowed for remote code execution Usage python3 mainpy [Interface Name] [Victim IP] [Gateway IP] [Payload Filename]

https://github.com/jiansiting/CVE-2019-3719

Dell SupportAssist RCE Proof of Concept This is the proof of concept source code for CVE-2019-3719, a vulnerability in most of all Dell machines that allowed for remote code execution Usage python3 mainpy [Interface Name] [Victim IP] [Gateway IP] [Payload Filename]

Recent Articles

Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool
The Register • Laurie Clarke • 11 Feb 2020

If you don't have auto-update switched on, time to patch Millions of Windows Dell PCs need patching: Give-me-admin security gremlin found lurking in bundled support tool

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges. The company has issued an advisory about the vulnerability, warning that a locally authenticated low-privilege user could exploit the bug to load arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of malware. SupportAssist scans the s...

Read more...

References

NVD-CWE-noinfohttps://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=enhttps://nvd.nist.govhttps://github.com/D4stiny/Dell-Support-Assist-RCE-PoChttps://www.theregister.co.uk/2020/02/11/dell_supportassist_flaw/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook