Dell SupportAssist Client up to 3.2 Origin Validator cross site request forgery

A vulnerability was found in Dell SupportAssist Client up to 3.2. It has been declared as problematic. This vulnerability affects a code block of the component Origin Validator. The manipulation with an unknown input leads to a cross site request forgery vulnerability. The CWE definition for the vulnerability is CWE-352. As an impact it is known to affect integrity. An attacker might be able force legitimate users to initiate unwanted actions within the web application.

The weakness was released 04/18/2019. This vulnerability was named CVE-2019-3718 since 01/03/2019. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 04/19/2019).

Upgrading to version 3.2.0.90 eliminates this vulnerability.

Entries connected to this vulnerability are available at 133847.

Vendor

• Dell

Name

• SupportAssist Client

• ?
• ?
• ?

• ?
• ?
• ?

VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.1

VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: ?
VulDB Reliability: ?

VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Cross site request forgery (CWE-352)
Local: No
Remote: Yes

Availability: ?
Status: Not defined

Price Prediction: ?
Current Price Estimation: ?

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Upgrade
Status: ?
0-Day Time: ?

Upgrade: SupportAssist Client 3.2.0.90

01/03/2019 CVE assigned
04/18/2019 +105 days Advisory disclosed
04/19/2019 +1 days VulDB entry created
04/19/2019 +0 days VulDB last updateCVE: CVE-2019-3718 (?)
See also: ?Created: 04/19/2019 08:08 AM
Complete: ?

Comments

Comments are closed.