Dell Computers Exposed to RCE Attacks by SupportAssist Flaws

by chebbi abir

Dell issued a security update to patch a SupportAssist Client software vulnerability which allows potential unauthenticated attackers on the same Network Access layer to remotely execute arbitrary executables on vulnerable computers.

According to Dell’s website, the SupportAssist software is “preinstalled on most of all new Dell devices running Windows operating system” and it “proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin.”

Most new Dell computers exposed to RCE attacks

As explained by Dell in its advisory, “An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.”

The software flaw is tracked as CVE-2019-3719 and comes with a high severity CVSSv3 base score of  8.0 assigned by the National Vulnerability Database (NVD).

Dell patched the SupportAssist software during late April 2019 following an initial report received from 17-year old security researcher Bill Demirkapi on October 10, 2018.

Also, Dell advises all customers to update SupportAssist Client as soon as possible, seeing that all versions prior to and later are vulnerable to remote code execution attacks.

Improper origin validation vulnerability also patched

Dell also fixed an improper origin validation flaw in the SupportAssist Client software reported by John C. Hennessy-ReCar, tracked as CVE-2019-3718 and coming with a high severity CVSS v3.0 rating of 8.8.

Dell says in the same security advisory that “An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.”

Customers who to protect themselves from potential attacks trying to exploit this software flaw are encouraged to update the SupportAssist application if they have a version prior to

Security researcher Bill Demirkapi discovered that the RCE vulnerability can be exploited by attackers using ARP and DNS spoofing attacks as detailed in the step by step proof-of-concept procedure that could be used to deliver the RCE payload onto a victim’s Dell computer.[…]

To read the original article:



Interdit de copier  ce contenu