Dell has released a security update for a flaw in its SupportAssist Client software that lets an unauthenticated attacker on the same network access layer remotely execute arbitrary executables on vulnerable systems.

Dell’s website states that the SupportAssist software is “preinstalled on most of all new Dell devices running Windows operating system” and that it “proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin.”

In its advisory, Dell explains that an unauthenticated attacker sharing the network access layer with a vulnerable system can compromise it by tricking a victim user into downloading and executing arbitrary executables through the SupportAssist client from attacker-hosted sites.

Tracked as CVE-2019-3719, the flaw carries a high-severity CVSS v3 base score of 8.0 as assigned by the National Vulnerability Database (NVD).

Dell patched the software in late April 2019, following an initial report from security researcher Bill Demirkapi on October 10, 2018.

Improper origin validation flaw also fixed

Dell also fixed an improper origin validation vulnerability in the SupportAssist Client software, reported by John C. Hennessy-ReCar, tracked as CVE-2019-3718 and carrying a high-severity CVSS v3.0 score of 8.8.

Dell says in the same advisory that an unauthenticated remote attacker could potentially exploit this vulnerability to attempt cross-site request forgery (CSRF) attacks against users of affected systems.
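Improper origin validation is the bug class that turns a local HTTP listener into a CSRF target: a browser attaches an Origin header to cross-site requests, and if the service accepts any origin that merely contains a trusted string, a page the victim happens to visit can drive the listener. The following is an added illustration of that class, not Dell's code (the page does not describe the exact check SupportAssist used); the vendor hostnames, the allowlist and the `handle_download_request` endpoint are hypothetical.

```python
"""Added example: lax versus strict Origin validation for a local HTTP listener.
Illustrative of the bug class only, not Dell's code. Hostnames and the
allowlist are hypothetical."""
from urllib.parse import urlsplit

# Hypothetical allowlist: the only web origins allowed to drive the local service.
TRUSTED_ORIGINS = {"https://www.vendor.example", "https://support.vendor.example"}


def weak_origin_check(origin):
    """Improper origin validation: a substring match on the vendor domain.
    'https://vendor.example.attacker.example' and
    'https://www.vendor.example@attacker.example' both pass, so any page the
    victim visits can issue state-changing requests to the listener."""
    return "vendor.example" in (origin or "")


def strict_origin_check(origin):
    """Exact-match validation of scheme://host[:port] against the allowlist.
    A missing or malformed Origin on a state-changing request is rejected."""
    if not origin:
        return False
    parts = urlsplit(origin)
    try:
        port = parts.port            # raises ValueError on a non-numeric port
    except ValueError:
        return False
    host = parts.hostname            # urlsplit already lowercases this
    if parts.scheme != "https" or not host or parts.username or parts.password:
        return False
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return False
    normalized = f"https://{host}" if port in (None, 443) else f"https://{host}:{port}"
    return normalized in TRUSTED_ORIGINS


def handle_download_request(headers, check=strict_origin_check):
    """Gate a hypothetical state-changing endpoint on the Origin header.
    Returns an HTTP status: 403 when the origin is not trusted, 200 otherwise."""
    return 200 if check(headers.get("Origin")) else 403


# Constructed requests as a browser would send them from different pages.
SAMPLE_REQUESTS = {
    "trusted page":        {"Origin": "https://www.vendor.example"},
    "lookalike subdomain": {"Origin": "https://vendor.example.attacker.example"},
    "userinfo trick":      {"Origin": "https://www.vendor.example@attacker.example"},
    "plain http":          {"Origin": "http://www.vendor.example"},
    "no origin header":    {},
}

if __name__ == "__main__":
    for label, headers in SAMPLE_REQUESTS.items():
        print(f"{label:20s} weak={handle_download_request(headers, weak_origin_check)} "
              f"strict={handle_download_request(headers)}")
```

Only the trusted page gets a 200 from the strict check; the weak check also waves through the lookalike subdomain, the userinfo trick and the plaintext-scheme origin. Rejecting a missing Origin is deliberate: browsers always send it on cross-site POSTs, so its absence on a state-changing request is not something a local listener should treat as trusted.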

Customers who want to protect themselves from attacks exploiting these flaws should update the SupportAssist application if they are running a version earlier than 3.2.0.90.

Security researcher Bill Demirkapi showed that the RCE flaw can be exploited by attackers using ARP and DNS spoofing, as demonstrated in his proof-of-concept, to deliver the RCE payload to a victim’s Dell computer.
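The proof-of-concept path above depends on the attacker sitting on the same network segment and poisoning ARP and DNS so that the client fetches its download from an attacker host. The following is an added detection example, not the researcher's PoC and not Dell's code: it walks constructed ARP and DNS observations and flags the two indicators that path leaves behind, an IP (such as the gateway) whose claimed MAC changes, and a trusted download hostname resolving to an address on the local segment. The hostname `updates.vendor.example`, the subnet, the MACs and the addresses are all constructed.

```python
"""Added example: indicators for the ARP/DNS spoofing path described above.
Not Dell's code or the researcher's PoC. Hostnames, MACs and addresses are
constructed sample data."""
import ipaddress

# Constructed ARP replies in the order a sniffer saw them: (sender IP, sender MAC).
ARP_EVENTS = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, as normally seen
    ("192.168.1.50", "aa:bb:cc:00:00:50"),  # a workstation
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # same binding again: not interesting
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by a different MAC
]

# Constructed DNS answers: (queried name, resolved address).
DNS_EVENTS = [
    ("updates.vendor.example", "203.0.113.10"),  # normal: resolves off-segment
    ("cdn.other.example", "192.168.1.20"),       # untracked name resolving locally: ignored
    ("updates.vendor.example", "192.168.1.77"),  # trusted download host resolving to a LAN peer
]

LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]   # assumed local subnet
TRUSTED_DOWNLOAD_HOSTS = {"updates.vendor.example"}      # assumed update/download hosts


def detect_arp_changes(events):
    """Return (ip, previous_mac, new_mac) for every IP whose claimed MAC changes.
    Legitimate causes exist (NIC swap, HA failover), so treat hits as alerts
    to triage rather than verdicts."""
    seen = {}
    alerts = []
    for ip, mac in events:
        mac = mac.lower()
        prev = seen.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ip, prev, mac))
        seen[ip] = mac
    return alerts


def detect_local_resolution(events, trusted_hosts, local_nets):
    """Return (name, ip) when a trusted download host resolves to an address on
    the local segment (or loopback/link-local), i.e. where a same-LAN attacker
    serving a spoofed download would sit."""
    alerts = []
    for name, ip_text in events:
        if name.lower() not in trusted_hosts:
            continue
        addr = ipaddress.ip_address(ip_text)
        on_segment = any(addr in net for net in local_nets)
        if on_segment or addr.is_loopback or addr.is_link_local:
            alerts.append((name, ip_text))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_changes(ARP_EVENTS):
        print("ARP binding changed:", alert)
    for alert in detect_local_resolution(DNS_EVENTS, TRUSTED_DOWNLOAD_HOSTS, LOCAL_NETS):
        print("trusted host resolved on-segment:", alert)
```

On the sample data the ARP check reports the gateway's MAC flipping to `de:ad:be:ef:00:99` and the DNS check reports the trusted host resolving to `192.168.1.77`; either alone is worth a look, and both together within a short window match the attack path described above. The DNS check deliberately tests membership in the configured local subnets rather than a generic "private address" test, since the indicator here is resolution onto the segment the attacker shares with the victim.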
