Connect with us

Hi, what are you looking for?



Dell Patches Remote Code Execution Vulnerability in SupportAssist Client

Dell recently patched two security vulnerabilities in its SupportAssist Client, including one that could be exploited to achieve remote code execution. 

Dell recently patched two security vulnerabilities in its SupportAssist Client, including one that could be exploited to achieve remote code execution. 

Tracked as CVE-2019-3718, the first of the vulnerabilities is an improper origin validation flaw that could allow an unauthenticated remote attacker to potentially attempt cross-site request forgery (CSRF) attacks on users of the impacted systems.

The issue has a CVSS score of 7.6 and has been fixed with the release of Dell SupportAssist Client

Tracked as CVE-2019-3719 and featuring a CVSS score of 7.1, the second vulnerability could be exploited by an unauthenticated attacker that shares the network access layer with the vulnerable system to compromise that system. 

For that, however, the attacker would need to trick the victim user into downloading and executing arbitrary files via the SupportAssist client, Dell noted in an advisory. The files would be fetched from attacker hosted sites. 

Bill Demirkapi, who found and reported the vulnerability, explains that the SupportAssist client fetches drivers from Dell’s website and that communication with the local systems takes place over an exposed REST API on port 8884, 8883, 8886, or 8885, depending on which is available. 

The process involves a series of integrity checks, but one of the functions involved in these checks provides the attacker with a lot of ground to work with, the researchers says. The issue can be abused in multiple ways, one of which involves generating a random subdomain name and using an external machine to DNS Hijack the victim and respond to requests with this server instead.

Advertisement. Scroll to continue reading.

“Some concerning factors I noticed while looking at different types of requests I could make is that I could get a very detailed description of every piece of hardware connected to my computer using the ‘getsysteminfo’ route. Even through Cross Site Scripting, I was able to access this data, which is an issue because I could seriously fingerprint a system and find some sensitive information,” Demirkapi says. 

One of the methods exposed by the client would download a file from a specified URL and then run it. Checks are performed to ensure that the right files are downloaded and that they come from Dell’s website. 

The exploitation process, the researcher explains, involves tricking the client into accepting a payload that does not come from Dell’s accepted subdomains. After overcoming this obstacle, he was able to set up the attack from a local network. 

The researcher also published a demo to show how the vulnerability can be exploited, and made the proof-of-concept code available online. 

Related: Dell Resets User Passwords Following Data Breach

Related: Dell Patches Vulnerability in Pre-installed SupportAssist Utility

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.