メイン コンテンツに進む
ログアウト

Dellへようこそ

マイアカウント
  • すばやく簡単にご注文が可能
  • 注文内容の表示、配送状況をトラック
  • 会員限定の特典や割引のご利用
  • 製品リストの作成とアクセスが可能
  • 「Company Administration(会社情報の管理)」では、お使いのDell EMCのサイトや製品、製品レベルでのコンタクト先に関する情報を管理できます。
ログイン アカウントの新規作成 プレミアログイン パートナー プログラム サインイン
お問い合わせ

Dell.comカート

文書番号: 000147397

DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities

概要: Dell SupportAssist Client has been updated to address multiple vulnerabilities which may be potentially exploited to compromise the system.

文書の内容

影響

High

詳細

Improper Origin Validation (CVE-2019-3718)

 

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability.    An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

CVSSv3 Base Score: 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)

 

Remote Code Execution Vulnerability (CVE-2019-3719)

 

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

CVSSv3 Base Score: 7.1 (AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Improper Origin Validation (CVE-2019-3718)

 

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability.    An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

CVSSv3 Base Score: 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)

 

Remote Code Execution Vulnerability (CVE-2019-3719)

 

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

CVSSv3 Base Score: 7.1 (AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Affected products:

Dell SupportAssist Client versions prior to 3.2.0.90.


Remediation:
The following Dell SupportAssist Client release contains resolutions to these vulnerabilities:

  • Dell SupportAssist Client version 3.2.0.90 and later.

Dell recommends all customers upgrade at the earliest opportunity.

Customers can download software from https://downloads.dell.com/serviceability/Catalog/SupportAssistInstaller.exe.

Affected products:

Dell SupportAssist Client versions prior to 3.2.0.90.


Remediation:
The following Dell SupportAssist Client release contains resolutions to these vulnerabilities:

  • Dell SupportAssist Client version 3.2.0.90 and later.

Dell recommends all customers upgrade at the earliest opportunity.

Customers can download software from https://downloads.dell.com/serviceability/Catalog/SupportAssistInstaller.exe.

確認

Dell would like to thank John C. Hennessy-ReCar for reporting CVE-2019-3718 and Bill Demirkapi for reporting CVE-2019-3719.

 

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的情報

文書のプロパティ

影響を受ける製品

SupportAssist for Home PCs, SupportAssist for Business PCs

最後に公開された日付

21 2月 2021

バージョン

4

文書の種類

Dell Security Advisory

トップに戻る