CVE-2019-3719

HIGH

Dell Supportassist < 3.2.0.90 - Remote Code Execution

Title source: rule

Description

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

Exploits (1)

nomisec WORKING POC 4 stars

by jiansiting · poc

https://github.com/jiansiting/CVE-2019-3719

View Code ZIP pw:eip

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en

Scores

CVSS v3 8.0

EPSS 0.2245

EPSS Percentile 95.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

dell/supportassist < 3.2.0.90

Published Apr 18, 2019

Tracked Since Feb 18, 2026