Vulnerability-Lookup

CNVD-2019-25720

Vulnerability from cnvd - Published: 2019-08-03

Title

Dell SupportAssist for Business PCs和Dell SupportAssist for Home PCs权限许可和访问控制问题漏洞

Description

Dell SupportAssist for Business PCs和Dell SupportAssist for Home PCs都是美国戴尔（Dell）公司的产品。Dell SupportAssist for Business PCs是一款适用于企业电脑的客户端应用程序。该程序提供自动化、主动和预测性技术进行故障排除等。Dell SupportAssist for Home PCs是一款适用于家庭电脑的客户端应用程序。该程序提供自动化、主动和预测性技术进行故障排除等。 Dell SupportAssist for Business PCs和Dell SupportAssist for Home PCs中存在权限许可和访问控制问题漏洞，本地攻击者可利用该漏洞获取系统权限。

Severity

高

Patch Name

Dell SupportAssist for Business PCs和Dell SupportAssist for Home PCs权限许可和访问控制问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.dell.com/support/article/us/en/04/sln317453

Reference

http://www.dell.com/support/article/sln317453 https://nvd.nist.gov/vuln/detail/CVE-2019-3735

Impacted products

Name
['Dell SupportAssist for Home PCs 2.2', 'Dell SupportAssist for Home PCs 2.2.1', 'Dell SupportAssist for Home PCs 2.2.2', 'Dell SupportAssist for Home PCs 2.2.3', 'Dell SupportAssist for Home PCs 3.0', 'Dell SupportAssist for Home PCs 3.0.1', 'Dell SupportAssist for Home PCs 3.0.2', 'Dell SupportAssist for Home PCs 3.1', 'Dell SupportAssist for Home PCs 3.2', 'Dell SupportAssist for Home PCs 3.2.1', 'Dell SupportAssist for Business PCs 2.0']

Name

['Dell SupportAssist for Home PCs 2.2', 'Dell SupportAssist for Home PCs 2.2.1', 'Dell SupportAssist for Home PCs 2.2.2', 'Dell SupportAssist for Home PCs 2.2.3', 'Dell SupportAssist for Home PCs 3.0', 'Dell SupportAssist for Home PCs 3.0.1', 'Dell SupportAssist for Home PCs 3.0.2', 'Dell SupportAssist for Home PCs 3.1', 'Dell SupportAssist for Home PCs 3.2', 'Dell SupportAssist for Home PCs 3.2.1', 'Dell SupportAssist for Business PCs 2.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-3735",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3735"
    }
  },
  "description": "Dell SupportAssist for Business PCs\u548cDell SupportAssist for Home PCs\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell SupportAssist for Business PCs\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u4f01\u4e1a\u7535\u8111\u7684\u5ba2\u6237\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u63d0\u4f9b\u81ea\u52a8\u5316\u3001\u4e3b\u52a8\u548c\u9884\u6d4b\u6027\u6280\u672f\u8fdb\u884c\u6545\u969c\u6392\u9664\u7b49\u3002Dell SupportAssist for Home PCs\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u5bb6\u5ead\u7535\u8111\u7684\u5ba2\u6237\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u63d0\u4f9b\u81ea\u52a8\u5316\u3001\u4e3b\u52a8\u548c\u9884\u6d4b\u6027\u6280\u672f\u8fdb\u884c\u6545\u969c\u6392\u9664\u7b49\u3002\n\nDell SupportAssist for Business PCs\u548cDell SupportAssist for Home PCs\u4e2d\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7cfb\u7edf\u6743\u9650\u3002",
  "discovererName": "Bill Demirkapi",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.dell.com/support/article/us/en/04/sln317453",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-25720",
  "openTime": "2019-08-03",
  "patchDescription": "Dell SupportAssist for Business PCs\u548cDell SupportAssist for Home PCs\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell SupportAssist for Business PCs\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u4f01\u4e1a\u7535\u8111\u7684\u5ba2\u6237\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u63d0\u4f9b\u81ea\u52a8\u5316\u3001\u4e3b\u52a8\u548c\u9884\u6d4b\u6027\u6280\u672f\u8fdb\u884c\u6545\u969c\u6392\u9664\u7b49\u3002Dell SupportAssist for Home PCs\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u5bb6\u5ead\u7535\u8111\u7684\u5ba2\u6237\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u63d0\u4f9b\u81ea\u52a8\u5316\u3001\u4e3b\u52a8\u548c\u9884\u6d4b\u6027\u6280\u672f\u8fdb\u884c\u6545\u969c\u6392\u9664\u7b49\u3002\r\n\r\nDell SupportAssist for Business PCs\u548cDell SupportAssist for Home PCs\u4e2d\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7cfb\u7edf\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell SupportAssist for Business PCs\u548cDell SupportAssist for Home PCs\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Dell SupportAssist for Home PCs 2.2",
      "Dell SupportAssist for Home PCs 2.2.1",
      "Dell SupportAssist for Home PCs 2.2.2",
      "Dell SupportAssist for Home PCs 2.2.3",
      "Dell SupportAssist for Home PCs 3.0",
      "Dell SupportAssist for Home PCs 3.0.1",
      "Dell SupportAssist for Home PCs 3.0.2",
      "Dell SupportAssist for Home PCs 3.1",
      "Dell SupportAssist for Home PCs 3.2",
      "Dell SupportAssist for Home PCs 3.2.1",
      "Dell SupportAssist for Business PCs 2.0"
    ]
  },
  "referenceLink": "http://www.dell.com/support/article/sln317453\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3735",
  "serverity": "\u9ad8",
  "submitTime": "2019-06-20",
  "title": "Dell SupportAssist for Business PCs\u548cDell SupportAssist for Home PCs\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2019-3735 (GCVE-0-2019-3735)

Vulnerability from cvelistv5 – Published: 2019-06-20 21:43 – Updated: 2024-09-17 00:12

Summary

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Severity ?

7 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Improper Privilege Management Vulnerability

Assigner

dell

References

URL

Tags

http://www.dell.com/support/article/sln317453

x_refsource_MISC

Impacted products

Vendor

Product

Version

Dell

Dell SupportAssist for Business PCs

Affected: 2.0

Dell

Dell SupportAssist for Home PCs

Affected: 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1

Credits

Dell would like to thank Bill Demirkapi for reporting this vulnerability.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.dell.com/support/article/sln317453"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dell SupportAssist for Business PCs",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "Dell SupportAssist for Home PCs",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Dell would like to thank Bill Demirkapi for reporting this vulnerability."
        }
      ],
      "datePublic": "2019-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Privilege Management Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-20T21:43:26",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.dell.com/support/article/sln317453"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2019-06-19T04:35:00.000Z",
          "ID": "CVE-2019-3735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Dell SupportAssist for Business PCs",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Dell SupportAssist for Home PCs",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Dell would like to thank Bill Demirkapi for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dell.com/support/article/sln317453",
              "refsource": "MISC",
              "url": "http://www.dell.com/support/article/sln317453"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3735",
    "datePublished": "2019-06-20T21:43:26.331005Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T00:12:00.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-25720

CVE-2019-3735 (GCVE-0-2019-3735)

Tags

Sightings

Nomenclature