CVE-2019-3735

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Published: Jun 21, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3735
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
dell / supportassist_for_home_pcs	2.2	2.2.x
dell / supportassist_for_home_pcs	2.2.1	2.2.1.x
dell / supportassist_for_home_pcs	2.2.2	2.2.2.x
dell / supportassist_for_home_pcs	2.2.3	2.2.3.x
dell / supportassist_for_home_pcs	3.0	3.0.x
dell / supportassist_for_home_pcs	3.0.1	3.0.1.x
dell / supportassist_for_home_pcs	3.0.2	3.0.2.x
dell / supportassist_for_home_pcs	3.1	3.1.x
dell / supportassist_for_home_pcs	3.2	3.2.x
dell / supportassist_for_home_pcs	3.2.1	3.2.1.x
dell / supportassist_for_business_pcs	2.0	2.0.x

http://www.dell.com/support/article/sln317453

Vulnerability Database

CVE-2019-3735

Deep Security Visibility Without the Complexity