跳转至主要内容
退出

欢迎访问戴尔

我的帐户
  • 快速、轻松地下订单
  • 查看订单并跟踪您的发货状态
  • 创建并访问您的产品列表
  • 使用“Company Administration”(公司管理),管理Dell EMC站点、产品和产品级联系人。
登录 创建帐户 登录Premier 合作伙伴计划登录
联系我们

您的 Dell.com 购物车

文章编号: 000147397

DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities

摘要: Dell SupportAssist Client has been updated to address multiple vulnerabilities which may be potentially exploited to compromise the system.

文章内容

影响

High

详情

Improper Origin Validation (CVE-2019-3718)

 

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability.    An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

CVSSv3 Base Score: 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)

 

Remote Code Execution Vulnerability (CVE-2019-3719)

 

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

CVSSv3 Base Score: 7.1 (AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Improper Origin Validation (CVE-2019-3718)

 

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability.    An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

CVSSv3 Base Score: 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)

 

Remote Code Execution Vulnerability (CVE-2019-3719)

 

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

CVSSv3 Base Score: 7.1 (AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

Affected products:

Dell SupportAssist Client versions prior to 3.2.0.90.


Remediation:
The following Dell SupportAssist Client release contains resolutions to these vulnerabilities:

  • Dell SupportAssist Client version 3.2.0.90 and later.

Dell recommends all customers upgrade at the earliest opportunity.

Customers can download software from https://downloads.dell.com/serviceability/Catalog/SupportAssistInstaller.exe.

Affected products:

Dell SupportAssist Client versions prior to 3.2.0.90.


Remediation:
The following Dell SupportAssist Client release contains resolutions to these vulnerabilities:

  • Dell SupportAssist Client version 3.2.0.90 and later.

Dell recommends all customers upgrade at the earliest opportunity.

Customers can download software from https://downloads.dell.com/serviceability/Catalog/SupportAssistInstaller.exe.

确认

Dell would like to thank John C. Hennessy-ReCar for reporting CVE-2019-3718 and Bill Demirkapi for reporting CVE-2019-3719.

 

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律信息

文章属性

受影响的产品

SupportAssist for Home PCs, SupportAssist for Business PCs

上次发布日期

21 2月 2021

版本

4

文章类型

Dell Security Advisory

返回页首