ID

VAR-201904-0306


CVE

CVE-2019-3718


TITLE

Dell SupportAssist Client vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2019-003798

DESCRIPTION

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems. Dell SupportAssist Client contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Dell SupportAssist Client is prone to the following security vulnerabilities: 1. A cross-site request forgery vulnerability. 2. A remote code-injection vulnerability. An attacker may leverage these issues to perform certain unauthorized actions and gain access to the affected application or execute arbitrary code. This may aid in further attacks.

Trust: 1.98

sources: NVD: CVE-2019-3718 // JVNDB: JVNDB-2019-003798 // BID: 108020 // VULHUB: VHN-155153

AFFECTED PRODUCTS

vendor: dell // model: supportassist // scope: lt // version: 3.2.0.90

Trust: 1.8

vendor: dell // model: supportassist // scope: eq // version: 3.1.0.142

Trust: 0.3

vendor: dell // model: supportassist // scope: eq // version: 3.0.2.48

Trust: 0.3

vendor: dell // model: supportassist // scope: ne // version: 3.2.1.94

Trust: 0.3

vendor: dell // model: supportassist // scope: ne // version: 3.2.0.90

Trust: 0.3

sources: BID: 108020 // JVNDB: JVNDB-2019-003798 // NVD: CVE-2019-3718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3718
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3718
value: HIGH

Trust: 1.0

NVD: CVE-2019-3718
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-907
value: HIGH

Trust: 0.6

VULHUB: VHN-155153
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3718
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155153
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3718
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3718
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.7
version: 3.0

Trust: 1.0

NVD: CVE-2019-3718
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155153 // JVNDB: JVNDB-2019-003798 // CNNVD: CNNVD-201904-907 // NVD: CVE-2019-3718 // NVD: CVE-2019-3718

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-155153 // JVNDB: JVNDB-2019-003798 // NVD: CVE-2019-3718

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-907

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201904-907

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003798

PATCH

title: DSA-2019-051 // url: https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en

Trust: 0.8

title: Dell SupportAssist Client Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91739

Trust: 0.6

sources: JVNDB: JVNDB-2019-003798 // CNNVD: CNNVD-201904-907

EXTERNAL IDS

db: NVD // id: CVE-2019-3718

Trust: 2.8

db: BID // id: 108020

Trust: 2.0

db: JVNDB // id: JVNDB-2019-003798

Trust: 0.8

db: AUSCERT // id: ESB-2019.1522

Trust: 0.6

db: CNNVD // id: CNNVD-201904-907

Trust: 0.6

db: VULHUB // id: VHN-155153

Trust: 0.1

sources: VULHUB: VHN-155153 // BID: 108020 // JVNDB: JVNDB-2019-003798 // CNNVD: CNNVD-201904-907 // NVD: CVE-2019-3718

REFERENCES

url:http://www.securityfocus.com/bid/108020

Trust: 2.3

url:https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-3718

Trust: 1.4

url:http://dell.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3718

Trust: 0.8

url:https://www.dell.com/support/article/au/en/audhs1/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80126

Trust: 0.6

sources: VULHUB: VHN-155153 // BID: 108020 // JVNDB: JVNDB-2019-003798 // CNNVD: CNNVD-201904-907 // NVD: CVE-2019-3718

CREDITS

John C. Hennessy-ReCar and Bill Demirkapi.

Trust: 0.9

sources: BID: 108020 // CNNVD: CNNVD-201904-907

SOURCES

db: VULHUB // id: VHN-155153
db: BID // id: 108020
db: JVNDB // id: JVNDB-2019-003798
db: CNNVD // id: CNNVD-201904-907
db: NVD // id: CVE-2019-3718

LAST UPDATE DATE

2024-11-23T22:55:37.839000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-155153 // date: 2023-02-10T00:00:00
db: BID // id: 108020 // date: 2019-04-17T00:00:00
db: JVNDB // id: JVNDB-2019-003798 // date: 2019-05-22T00:00:00
db: CNNVD // id: CNNVD-201904-907 // date: 2019-05-14T00:00:00
db: NVD // id: CVE-2019-3718 // date: 2024-11-21T04:42:23.810

SOURCES RELEASE DATE

db: VULHUB // id: VHN-155153 // date: 2019-04-18T00:00:00
db: BID // id: 108020 // date: 2019-04-17T00:00:00
db: JVNDB // id: JVNDB-2019-003798 // date: 2019-05-22T00:00:00
db: CNNVD // id: CNNVD-201904-907 // date: 2019-04-18T00:00:00
db: NVD // id: CVE-2019-3718 // date: 2019-04-18T20:29:01.097