Notification

Icon
Error

Dell SupportAssist Vulnerability Report

Posted: Thursday, May 2, 2019 12:29:43 PM(UTC)
Bart.E

Bart.E

Member Administration Original PosterPosts: 73
7
Like
Hi everyone,

I've created a report based on this Dell security advisory for anyone who currently has Dell SupportAssist deployed.

A critical Remote Code Execution vulnerability has been discovered in Dell SupportAssist (CVE-2019-3719).

The report is color-coded to indicate whether an action is required. Obviously red means you will need to take action while green means you are fine.

Instructions on how to run the report can be found here.
To get started with Lansweeper, you can grab your free trial here.




Code:
Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then 'Vulnerable'
    Else 'Safe'
  End As Vulnerablity,
  tblSoftware.Lastchanged,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%SupportAssist' And
  tblState.Statename = 'Active'
Order By tblAssets.IPAddress Desc
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 235  
posted: 5/2/2019 5:24:14 PM(UTC)
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?
RobTechGuy
#2RobTechGuy Member Posts: 1  
posted: 5/2/2019 6:28:58 PM(UTC)
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks
Esben.D
#3Esben.D Member Administration Posts: 1,956  
posted: 5/6/2019 12:31:41 PM(UTC)
Originally Posted by: RobTechGuy Go to Quoted Post
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks


It would seem that Lansweeper detected multiple versions of Dell Support Assist on your machines then.
Esben.D
#4Esben.D Member Administration Posts: 1,956  
posted: 5/6/2019 12:36:08 PM(UTC)
Originally Posted by: AZHockeyNut Go to Quoted Post
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?


I've changed the report slightly to reduce possible duplicates. I also made the criteria stricter so the agent should no longer be displayed in the report.

Active Discussions

Lansweeper HP Warranty scan - broken for some products
by  M Redfern   Go to last post Go to first unread
Last post: Today at 12:30:44 PM(UTC)
Lansweeper Worked time
by  Imrane DESSAI  
Go to last post Go to first unread
Last post: Today at 7:14:40 AM(UTC)
Lansweeper Adding Owner/User information to Assets:All column report
by  ssmarr5   Go to last post Go to first unread
Last post: Today at 12:15:01 AM(UTC)
Lansweeper Send users email about low disk space
by  DontByteMe  
Go to last post Go to first unread
Last post: Yesterday at 10:02:43 PM(UTC)
Lansweeper Can reports be directed to a file server
by  RKCar   Go to last post Go to first unread
Last post: Yesterday at 9:40:18 PM(UTC)
Lansweeper Monitor Model- Generic PnP Monitor
by  Roger D.  
Go to last post Go to first unread
Last post: Yesterday at 7:22:01 PM(UTC)
Lansweeper Are Deleted Dashboard Tabs Retrievable?
by  Rob-CD   Go to last post Go to first unread
Last post: Yesterday at 4:04:45 PM(UTC)
Lansweeper Assets Not Seen in 90 Days not Automatically becoming Inactive
by  Rob-CD  
Go to last post Go to first unread
Last post: Yesterday at 4:00:00 PM(UTC)