CVE-2019-3735

HIGH

Dell SupportAssist 2.0-3.2.1 Privilege Escalation via Thread Handle Inheritance

Description

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs versions 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an improper privilege management vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

References (1)

Core References
Vendor Advisory x_refsource_misc
http://www.dell.com/support/article/sln317453

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 10.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (11)
dell/supportassist_for_business_pcs 2.0
dell/supportassist_for_home_pcs 2.2
dell/supportassist_for_home_pcs 2.2.1
dell/supportassist_for_home_pcs 2.2.2
dell/supportassist_for_home_pcs 2.2.3
dell/supportassist_for_home_pcs 3.0
dell/supportassist_for_home_pcs 3.0.1
dell/supportassist_for_home_pcs 3.0.2
dell/supportassist_for_home_pcs 3.1
dell/supportassist_for_home_pcs 3.2
... and 1 more
Published Jun 20, 2019
Tracked Since Feb 18, 2026