Allele Security Alert
ASA-2019-00372
Identifier(s)
ASA-2019-00372, DSA-2019-088, CVE-2019-3735
Title
Improper Privilege Management Vulnerability
Vendor(s)
Dell
Product(s)
Dell SupportAssist for Business
Dell SupportAssist for Home
Affected version(s)
Dell SupportAssist for Business PCs version 2.0
Dell SupportAssist for Home PCs versions 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1
Fixed version(s)
Dell SupportAssist for Business PCs version 2.0.1
Dell SupportAssist for Home PCs version 3.2.2
Proof of concept
Unknown
Description
Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs have been updated to address a vulnerability that may be exploited to compromise the system.
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs versions 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.
Technical details
Unknown
Credits
Bill Demirkapi
Reference(s)
DSA-2019-088: Dell SupportAssist Security Update for Improper Privilege Management Vulnerability
https://www.dell.com/support/article/br/pt/brdhs1/sln317453/dsa-2019-088-dell-supportassist-security-update-for-improper-privilege-management-vulnerability?lang=en
CVE-2019-3735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3735
CVE-2019-3735
https://nvd.nist.gov/vuln/detail/CVE-2019-3735
Last modified: June 22, 2019