PT-2019-16664 · Dell · Dell Supportassist Client

Bill Demirkapi · Published 2019-04-18 · Updated 2022-01-01 · CVE-2019-3719

CVSS v3.1: 8.0 High

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell SupportAssist Client versions prior to 3.2.0.90

Description

The issue allows an unauthenticated attacker, sharing the network access layer with the vulnerable system, to compromise the system by tricking a victim user into downloading and executing arbitrary executables via the SupportAssist client from attacker-hosted sites. This vulnerability affects over 30 million devices, including 128 models of Dell desktops and laptops. Two of the vulnerabilities were fixed by Dell on the server side, while the other two require a client-side update.

Recommendations

For Dell SupportAssist Client versions prior to 3.2.0.90, update to version 3.2.0.90 or later to resolve the issue. As a temporary workaround, consider disabling the BIOSConnect service to minimize the risk of exploitation.


Related Identifiers

CVE-2019-3719

Affected Products

Dell Supportassist Client