loader gif

Dell computers found vulnerable to Remote Code Execution (RCE) Attacks

Dell computers found vulnerable to Remote Code Execution (RCE) Attacks
  • The RCE vulnerability could allow attackers to hijack Dell computers
  • Tracked as CVE-2019-3719, the RCE flaw has been patched in the SupportAssist v3.2.0.90 version.

Bill Demirkapi, a 17-year old security researcher from the US, has uncovered a vulnerability in Dell SupportAssist utility that exposes Dell laptops and computers to a remote attack.

More details on the vulnerability

This RCE vulnerability could allow attackers to hijack Dell computers. However, the attack relies on redirecting users to a malicious webpage, where JavaScript code tricks the Dell SupportAssist tool into downloading and running files from an attacker-controlled location.

The malicious JavaScript code is hidden inside ads (iframes) on legitimate sites. The iframes that contain the JavaScript code will redirect to a subdomain of dell.com, and then a DNS spoofing attack performed from an attacker-controlled machine will return an incorrect IP address for the dell.com domain. This allows the attacker to control all the files that are sent and executed by the SupportAssist tool.

ARP and DNS attacks against Dell systems

This vulnerability can be exploited by attackers using ARP and DNS Spoofing attacks. In order to perform ARP and DNS attacks, attackers looked at public WiFi networks or large enterprise networks which had at least one compromised machine to launch attacks against Dell systems running the SupportAssist tool.

“The attacker needs to be on the victim's network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim's machine in order to achieve remote code execution,” Demirkapi told ZDNet via email.

The impact

This vulnerability has impacted a huge number of users, as the SupportAssist tool is pre-installed on all Dell laptops and computers that come with a running Windows OS. However, Dell systems sold without an OS are not impacted.

Patch available

Dell has released a security update to address this flaw. The RCE vulnerability, tracked as (CVE-2019-3719) has been patched in the SupportAssist v3.2.0.90 version. Dell users are advised to install the latest version.

Demirkapi's vulnerability report provides additional technical details on the vulnerability.
loader gif