Notification

Icon
Error

Dell SupportAssist Vulnerability Report

Posted: Thursday, May 2, 2019 12:29:43 PM(UTC)
Bart.E

Bart.E

Member Administration Original PosterPosts: 73
7
Like
Hi everyone,

I've created a report based on this Dell security advisory for anyone who currently has Dell SupportAssist deployed.

A critical Remote Code Execution vulnerability has been discovered in Dell SupportAssist (CVE-2019-3719).

The report is color-coded to indicate whether an action is required. Obviously red means you will need to take action while green means you are fine.

Instructions on how to run the report can be found here.
To get started with Lansweeper, you can grab your free trial here.




Code:
Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then 'Vulnerable'
    Else 'Safe'
  End As Vulnerablity,
  tblSoftware.Lastchanged,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%SupportAssist' And
  tblState.Statename = 'Active'
Order By tblAssets.IPAddress Desc
Options
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 235  
posted: 5/2/2019 5:24:14 PM(UTC)
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?
0
RobTechGuy
#2RobTechGuy Member Posts: 1  
posted: 5/2/2019 6:28:58 PM(UTC)
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks
0
Esben.D
#3Esben.D Member Administration Posts: 1,982  
posted: 5/6/2019 12:31:41 PM(UTC)
Originally Posted by: RobTechGuy Go to Quoted Post
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks


It would seem that Lansweeper detected multiple versions of Dell Support Assist on your machines then.
0
Esben.D
#4Esben.D Member Administration Posts: 1,982  
posted: 5/6/2019 12:36:08 PM(UTC)
Originally Posted by: AZHockeyNut Go to Quoted Post
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?


I've changed the report slightly to reduce possible duplicates. I also made the criteria stricter so the agent should no longer be displayed in the report.
0

Active Discussions

Lansweeper Understanding current setup
by  ggarcia   Go to last post Go to first unread
Last post: Today at 12:24:42 AM(UTC)
Lansweeper Remote desktop custom port
by  sefaucher   Go to last post Go to first unread
Last post: Yesterday at 10:30:49 PM(UTC)
Lansweeper Unable to transfer user's data prior to removal
by  RickW99456   Go to last post Go to first unread
Last post: Yesterday at 9:06:14 PM(UTC)
Lansweeper Unable to access the lansweeper consol for other computer
by  Kudnan Ingle   Go to last post Go to first unread
Last post: Yesterday at 7:49:32 PM(UTC)
Lansweeper Closing and re-opening of tickets
by  NWHiker   Go to last post Go to first unread
Last post: Yesterday at 3:42:56 PM(UTC)
Lansweeper Wake on Lan Issues
by  woldummy   Go to last post Go to first unread
Last post: Yesterday at 3:42:07 PM(UTC)
Lansweeper Deploy and start Software
by  EDV_OHZ   Go to last post Go to first unread
Last post: Yesterday at 12:49:08 PM(UTC)
Lansweeper Helpdek Call Re-Opened
by  mouaad   Go to last post Go to first unread
Last post: Yesterday at 7:30:59 AM(UTC)