Attacker Value: Very High (2 users assessed)
Exploitability: High (2 users assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

CVE-2019-3719

Last updated February 13, 2020

Description

The Dell support agent fails to properly identify the origin of updates. Using DNS spoofing and crafted payloads, an attacker can serve an executable file that the support agent will run as system.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    Medium
Technical Analysis

As exploits go, being able to serve payloads to all Dell computers in a subnet is a pretty useful tool. It would require DNS hijacking and other noisy things, but not everyone is checking networks for those attacks, and if they are, they might be doing it on a Dell.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis

While the author specifically lists ARP spoofing and DNS hijacking as necessary, I suspect ARP spoofing is not a needed step and DNS cache poisoning may also work to turn this into a remote, site-wide attack.

Perhaps more interesting is that it’s unstated (in both the blog post and the Dell advisory) whether this software supports auto-update, and it seems like Dell would have mentioned it if it did. Instead, Dell points to a manual EXE-based installer. The software only runs on Dell and Alienware hardware, so I wasn’t able (or willing to be persistent enough) to get it to run in a VM.
