All the vulnerabilites related to Dell - SupportAssist Client
cve-2019-3718
Vulnerability from cvelistv5
Published
2019-04-18 19:58
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108020 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | SupportAssist Client |
Version: unspecified < 3.2.0.90 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:17.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
},
{
"name": "108020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SupportAssist Client",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.2.0.90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell would like to thank John C. Hennessy-ReCar for reporting CVE-2019-3718."
}
],
"datePublic": "2019-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Origin Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-22T11:06:04",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
},
{
"name": "108020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-17T17:04:00.000Z",
"ID": "CVE-2019-3718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SupportAssist Client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2.0.90"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell would like to thank John C. Hennessy-ReCar for reporting CVE-2019-3718."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Origin Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
},
{
"name": "108020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108020"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3718",
"datePublished": "2019-04-18T19:58:22.877225Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T21:57:00.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3719
Vulnerability from cvelistv5
Published
2019-04-18 19:58
Modified
2024-09-16 18:40
Severity ?
EPSS score ?
Summary
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Dell | SupportAssist Client |
Version: unspecified < 3.2.0.90 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SupportAssist Client",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.2.0.90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell would like to thank Bill Demirkapi for reporting CVE-2019-3719."
}
],
"datePublic": "2019-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T15:22:34",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-17T17:04:00.000Z",
"ID": "CVE-2019-3719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SupportAssist Client",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2.0.90"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell would like to thank Bill Demirkapi for reporting CVE-2019-3719."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3719",
"datePublished": "2019-04-18T19:58:22.916438Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:40:02.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}