CVE-2019-3719

Dell support agent fails to properly identify the origin of updates. By DNS spoofing and crafted payloads, an attacker can serve up an executable file that the support agent will run as system.

Recent assessments:

bwatters-r7 at July 18, 2019 9:47pm UTC reported:

As exploits go, being able to serve payloads to all Dell computers in a subnet us a pretty useful tool. It would require DNS hijacking and other noisy things, but not everyone is checking networks for those attacks, and if they are, they might be doing it on a Dell.

asoto-r7 at July 24, 2019 6:43pm UTC reported:

As exploits go, being able to serve payloads to all Dell computers in a subnet us a pretty useful tool. It would require DNS hijacking and other noisy things, but not everyone is checking networks for those attacks, and if they are, they might be doing it on a Dell.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 4