Notification

Icon
Error

Dell SupportAssist Vulnerability Report

Posted: Thursday, May 2, 2019 12:29:43 PM(UTC)
Bart.E

Bart.E

Member Administration Original PosterPosts: 73
7
Like
Hi everyone,

I've created a report based on this Dell security advisory for anyone who currently has Dell SupportAssist deployed.

A critical Remote Code Execution vulnerability has been discovered in Dell SupportAssist (CVE-2019-3719).

The report is color-coded to indicate whether an action is required. Obviously red means you will need to take action while green means you are fine.

Instructions on how to run the report can be found here.
To get started with Lansweeper, you can grab your free trial here.




Code:
Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then 'Vulnerable'
    Else 'Safe'
  End As Vulnerablity,
  tblSoftware.Lastchanged,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%SupportAssist' And
  tblState.Statename = 'Active'
Order By tblAssets.IPAddress Desc
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 230  
posted: 5/2/2019 5:24:14 PM(UTC)
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?
RobTechGuy
#2RobTechGuy Member Posts: 1  
posted: 5/2/2019 6:28:58 PM(UTC)
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks
Esben.D
#3Esben.D Member Administration Posts: 1,685  
posted: 5/6/2019 12:31:41 PM(UTC)
Originally Posted by: RobTechGuy Go to Quoted Post
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks


It would seem that Lansweeper detected multiple versions of Dell Support Assist on your machines then.
Esben.D
#4Esben.D Member Administration Posts: 1,685  
posted: 5/6/2019 12:36:08 PM(UTC)
Originally Posted by: AZHockeyNut Go to Quoted Post
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?


I've changed the report slightly to reduce possible duplicates. I also made the criteria stricter so the agent should no longer be displayed in the report.

Active Discussions

Lansweeper How to scan assets on a different network
by  twpseaton   Go to last post Go to first unread
Last post: Yesterday at 10:04:36 PM(UTC)
Lansweeper How do you scan your assets on your network?
by  OycAdmin  
Go to last post Go to first unread
Last post: Yesterday at 8:48:11 PM(UTC)
Lansweeper Report for SSAS and SSIS
by  The Boss   Go to last post Go to first unread
Last post: Yesterday at 6:53:21 PM(UTC)
Lansweeper Firefox 67.0.3 zero-day vulnerability
by  Esben.D  
Go to last post Go to first unread
Last post: Yesterday at 3:34:44 PM(UTC)
Lansweeper Lansweeper warnings sent to an email
by  MilicaM   Go to last post Go to first unread
Last post: Yesterday at 2:23:29 PM(UTC)
Lansweeper ShellRunAs action in Lansweeper
by  DavidL  
Go to last post Go to first unread
Last post: Yesterday at 11:58:07 AM(UTC)
Lansweeper Fonts
by  Spectrum   Go to last post Go to first unread
Last post: Yesterday at 11:24:19 AM(UTC)
Lansweeper PO Box Query
by  kmoc  
Go to last post Go to first unread
Last post: Yesterday at 11:16:28 AM(UTC)