CVE-2019-3735
First published: Thu Jun 20 2019(Updated: )
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell SupportAssist for Home PCs | =2.2 | |
| Dell SupportAssist for Home PCs | =2.2.1 | |
| Dell SupportAssist for Home PCs | =2.2.2 | |
| Dell SupportAssist for Home PCs | =2.2.3 | |
| Dell SupportAssist for Home PCs | =3.0 | |
| Dell SupportAssist for Home PCs | =3.0.1 | |
| Dell SupportAssist for Home PCs | =3.0.2 | |
| Dell SupportAssist for Home PCs | =3.1 | |
| Dell SupportAssist for Home PCs | =3.2 | |
| Dell SupportAssist for Home PCs | =3.2.1 | |
| Dell SupportAssist for Business PCs | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Dell SupportAssist vulnerability?
The vulnerability ID for this Dell SupportAssist vulnerability is CVE-2019-3735.
What is the severity of CVE-2019-3735?
The severity of CVE-2019-3735 is high with a score of 7.8.
Which versions of Dell SupportAssist are affected by CVE-2019-3735?
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs versions 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 are affected by CVE-2019-3735.
What is the vulnerability in Dell SupportAssist for Business PCs?
The vulnerability in Dell SupportAssist for Business PCs is an Improper Privilege Management Vulnerability.
How can a malicious local user exploit CVE-2019-3735 in Dell SupportAssist?
A malicious local user can exploit CVE-2019-3735 by inheriting a system thread.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell supportassist for home pcs
- version/dell supportassist for home pcs/2.2
- version/dell supportassist for home pcs/2.2.1
- version/dell supportassist for home pcs/2.2.2
- version/dell supportassist for home pcs/2.2.3
- version/dell supportassist for home pcs/3.0
- version/dell supportassist for home pcs/3.0.1
- version/dell supportassist for home pcs/3.0.2
- version/dell supportassist for home pcs/3.1
- version/dell supportassist for home pcs/3.2
- version/dell supportassist for home pcs/3.2.1
- canonical/dell supportassist for business pcs
- version/dell supportassist for business pcs/2.0