Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing…
dell·NVD-CWE-noinfo·Published 2019-04-18
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.
Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.
Las versiones de Dell SupportAssist Client anteriores a la versión 3.2.0.90 contienen una vulnerabilidad de ejecución de código remota. Un atacante no identificado, que comparte la capa de acceso a la red con el sistema vulnerable, puede comprometer al sistema vulnerable engañando a un usuario víctima para que descargue y active ejecutables arbitrarios por medio del cliente SupportAssist desde los sitios alojados por el atacante.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.9 | 5.5 | 10.0 | AV:A/AC:M/Au:N/C:C/I:C/A:C |
| 3.0 | Primary | cve.org | 7.1 | — | — | CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.0 | Primary | cve.org | 7.1 | — | — | CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.0 | Secondary | NVD | 7.1 | 1.2 | 5.9 | CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 8.0 | 2.1 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |