Sign-up

ID

VAR-201906-0187


CVE

CVE-2019-3735


TITLE

Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-005704

DESCRIPTION

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine. in the United States. The program provides automated, proactive and predictive techniques for troubleshooting and more. The program provides automated, proactive and predictive techniques for troubleshooting and more

Trust: 1.71

sources: NVD: CVE-2019-3735 // JVNDB: JVNDB-2019-005704 // VULHUB: VHN-155170

AFFECTED PRODUCTS

vendor:dellmodel:supportassist for business pcsscope:eqversion:2.0

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:2.2

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:2.2.1

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:2.2.2

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:2.2.3

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:3.0

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:3.0.1

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:3.0.2

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:3.1

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:3.2

Trust: 1.8

vendor:dellmodel:supportassist for home pcsscope:eqversion:3.2.1

Trust: 1.0

sources: JVNDB: JVNDB-2019-005704 // NVD: CVE-2019-3735

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3735
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3735
value: HIGH

Trust: 1.0

NVD: CVE-2019-3735
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-850
value: HIGH

Trust: 0.6

VULHUB: VHN-155170
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3735
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155170
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3735
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3735
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-3735
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155170 // JVNDB: JVNDB-2019-005704 // CNNVD: CNNVD-201906-850 // NVD: CVE-2019-3735 // NVD: CVE-2019-3735

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-155170 // JVNDB: JVNDB-2019-005704 // NVD: CVE-2019-3735

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-850

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201906-850

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005704

PATCH
title:DSA-2019-088url:http://www.dell.com/support/article/sln317453
Trust: 0.8
title:Dell SupportAssist for Business PCs  and Dell SupportAssist for Home PCs Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93992
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-005704 // 
            
            
            
            CNNVD: CNNVD-201906-850

EXTERNAL IDS
db:NVDid:CVE-2019-3735
Trust: 2.5
db:JVNDBid:JVNDB-2019-005704
Trust: 0.8
db:CNNVDid:CNNVD-201906-850
Trust: 0.7
db:VULHUBid:VHN-155170
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155170 // 
            
            
            
            JVNDB: JVNDB-2019-005704 // 
            
            
            
            CNNVD: CNNVD-201906-850 // 
            
            
            
            NVD: CVE-2019-3735

REFERENCES
url:http://www.dell.com/support/article/sln317453
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-3735
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3735
Trust: 0.8
sources:
            
            
            VULHUB: VHN-155170 // 
            
            
            
            JVNDB: JVNDB-2019-005704 // 
            
            
            
            CNNVD: CNNVD-201906-850 // 
            
            
            
            NVD: CVE-2019-3735

SOURCES
db:VULHUBid:VHN-155170
db:JVNDBid:JVNDB-2019-005704
db:CNNVDid:CNNVD-201906-850
db:NVDid:CVE-2019-3735

LAST UPDATE DATE
2024-11-23T22:16:59.587000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155170date:2023-03-04T00:00:00
db:JVNDBid:JVNDB-2019-005704date:2019-06-26T00:00:00
db:CNNVDid:CNNVD-201906-850date:2020-08-25T00:00:00
db:NVDid:CVE-2019-3735date:2024-11-21T04:42:25.920

SOURCES RELEASE DATE
db:VULHUBid:VHN-155170date:2019-06-20T00:00:00
db:JVNDBid:JVNDB-2019-005704date:2019-06-26T00:00:00
db:CNNVDid:CNNVD-201906-850date:2019-06-20T00:00:00
db:NVDid:CVE-2019-3735date:2019-06-20T22:15:11.117