Dell computers found vulnerable to Remote Code Execution (RCE) Attacks
- The RCE vulnerability could allow attackers to hijack Dell computers
- Tracked as CVE-2019-3719, the RCE flaw has been patched in the SupportAssist v220.127.116.11 version.
Bill Demirkapi, a 17-year old security researcher from the US, has uncovered a vulnerability in Dell SupportAssist utility that exposes Dell laptops and computers to a remote attack.
More details on the vulnerability
ARP and DNS attacks against Dell systems
This vulnerability can be exploited by attackers using ARP and DNS Spoofing attacks. In order to perform ARP and DNS attacks, attackers looked at public WiFi networks or large enterprise networks which had at least one compromised machine to launch attacks against Dell systems running the SupportAssist tool.
“The attacker needs to be on the victim's network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim's machine in order to achieve remote code execution,” Demirkapi told ZDNet via email.
This vulnerability has impacted a huge number of users, as the SupportAssist tool is pre-installed on all Dell laptops and computers that come with a running Windows OS. However, Dell systems sold without an OS are not impacted.
Dell has released a security update to address this flaw. The RCE vulnerability, tracked as (CVE-2019-3719) has been patched in the SupportAssist v18.104.22.168 version. Dell users are advised to install the latest version.Demirkapi's vulnerability report provides additional technical details on the vulnerability.