CVE-2019-3735

Published: Jun 20, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Affected (11)

Products: Dell: Supportassist For Home Pcs, Supportassist For Business Pcs

Dell

2 products

Supportassist For Home Pcs

Supportassist For Business Pcs

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Dell Supportassist For Home Pcs	Version 2.2.1
Dell Supportassist For Home Pcs	Version 2.2.2
Dell Supportassist For Home Pcs	Version 2.2.3
Dell Supportassist For Home Pcs	Version 2.2
Dell Supportassist For Home Pcs	Version 3.0.1
Dell Supportassist For Home Pcs	Version 3.0.2
Dell Supportassist For Home Pcs	Version 3.0
Dell Supportassist For Home Pcs	Version 3.1
Dell Supportassist For Home Pcs	Version 3.2.1
Dell Supportassist For Home Pcs	Version 3.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Dell Supportassist For Business Pcs	Version 2.0

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

http://www.dell.com/support/article/sln317453

Source: security_alert@emc.com

Vendor Advisory

http://www.dell.com/support/article/sln317453

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.