Notification

Icon
Error

Dell SupportAssist Vulnerability Report

Posted: Thursday, May 2, 2019 12:29:43 PM(UTC)
Bart.E

Bart.E

Member Administration Original PosterPosts: 73
7
Like
Hi everyone,

I've created a report based on this Dell security advisory for anyone who currently has Dell SupportAssist deployed.

A critical Remote Code Execution vulnerability has been discovered in Dell SupportAssist (CVE-2019-3719).

The report is color-coded to indicate whether an action is required. Obviously red means you will need to take action while green means you are fine.

Instructions on how to run the report can be found here.
To get started with Lansweeper, you can grab your free trial here.




Code:
Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then 'Vulnerable'
    Else 'Safe'
  End As Vulnerablity,
  tblSoftware.Lastchanged,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%SupportAssist' And
  tblState.Statename = 'Active'
Order By tblAssets.IPAddress Desc
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 236  
posted: 5/2/2019 5:24:14 PM(UTC)
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?
RobTechGuy
#2RobTechGuy Member Posts: 1  
posted: 5/2/2019 6:28:58 PM(UTC)
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks
Esben.D
#3Esben.D Member Administration Posts: 1,982  
posted: 5/6/2019 12:31:41 PM(UTC)
Originally Posted by: RobTechGuy Go to Quoted Post
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks


It would seem that Lansweeper detected multiple versions of Dell Support Assist on your machines then.
Esben.D
#4Esben.D Member Administration Posts: 1,982  
posted: 5/6/2019 12:36:08 PM(UTC)
Originally Posted by: AZHockeyNut Go to Quoted Post
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?


I've changed the report slightly to reduce possible duplicates. I also made the criteria stricter so the agent should no longer be displayed in the report.

Active Discussions

Lansweeper LsAgent.ini
by  Orion Poplawski   Go to last post Go to first unread
Last post: Yesterday at 4:49:12 PM(UTC)
Lansweeper LsAgent for Windows command line options?
by  Orion Poplawski  
Go to last post Go to first unread
Last post: Yesterday at 4:47:53 PM(UTC)
Lansweeper LSagent force a scan
by  Orion Poplawski   Go to last post Go to first unread
Last post: Yesterday at 4:46:49 PM(UTC)
Lansweeper MS Edge Chromium LanSweeper Extension development
by  steveb  
Go to last post Go to first unread
Last post: 4/16/2021 10:59:56 PM(UTC)
Lansweeper Office 365 v2 Scanning Error
by  DJX   Go to last post Go to first unread
Last post: 4/16/2021 7:37:57 PM(UTC)
Lansweeper Database size growing too large
by  JTempleton  
Go to last post Go to first unread
Last post: 4/16/2021 5:19:22 PM(UTC)
Lansweeper Limit New Ticket Notifications
by  Jeff WP   Go to last post Go to first unread
Last post: 4/16/2021 4:40:43 PM(UTC)
Lansweeper Monitor as an asset
by  tman247  
Go to last post Go to first unread
Last post: 4/16/2021 4:04:19 PM(UTC)