Notification

Icon
Error

Dell SupportAssist Vulnerability Report

Posted: Thursday, May 2, 2019 12:29:43 PM(UTC)
Bart.E

Bart.E

Member Administration Original PosterPosts: 73
7
Like
Hi everyone,

I've created a report based on this Dell security advisory for anyone who currently has Dell SupportAssist deployed.

A critical Remote Code Execution vulnerability has been discovered in Dell SupportAssist (CVE-2019-3719).

The report is color-coded to indicate whether an action is required. Obviously red means you will need to take action while green means you are fine.

Instructions on how to run the report can be found here.
To get started with Lansweeper, you can grab your free trial here.




Code:
Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then 'Vulnerable'
    Else 'Safe'
  End As Vulnerablity,
  tblSoftware.Lastchanged,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.0.90' Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%SupportAssist' And
  tblState.Statename = 'Active'
Order By tblAssets.IPAddress Desc
Options
AZHockeyNut
#1AZHockeyNut Member Alpha Tester Posts: 234  
posted: 5/2/2019 5:24:14 PM(UTC)
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?
0
RobTechGuy
#2RobTechGuy Member Posts: 1  
posted: 5/2/2019 6:28:58 PM(UTC)
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks
0
Esben.D
#3Esben.D Member Administration Posts: 1,827  
posted: 5/6/2019 12:31:41 PM(UTC)
Originally Posted by: RobTechGuy Go to Quoted Post
I downloaded the report and find that each machine is showing up multiple times. This is happening because the Dell Support Assist shows up in LANSweeper once for each version on the machine. So for each machine, I see one saying safe and two or three saying vulnerable.

Why does each machine appear in the report multiple times?

Thanks


It would seem that Lansweeper detected multiple versions of Dell Support Assist on your machines then.
0
Esben.D
#4Esben.D Member Administration Posts: 1,827  
posted: 5/6/2019 12:36:08 PM(UTC)
Originally Posted by: AZHockeyNut Go to Quoted Post
thanks, mine returns duplicates, I can't post the pic here. In a couple of cases it seems SupportAssistAgent vs SupportAssist, in others I cannot figure out why. Anyone else seeing this?


I've changed the report slightly to reduce possible duplicates. I also made the criteria stricter so the agent should no longer be displayed in the report.
0

Active Discussions

Lansweeper Windows 7 EOL
by  Esben.D   Go to last post Go to first unread
Last post: Today at 12:22:43 PM(UTC)
Lansweeper Patch Tuesday report, last 3 months
by  Esben.D   Go to last post Go to first unread
Last post: Today at 10:55:07 AM(UTC)
Lansweeper Thunderbird 68 Vulnerability
by  Esben.D   Go to last post Go to first unread
Last post: Today at 8:41:29 AM(UTC)
Lansweeper Drive Encryption statuses
by  JacobH   Go to last post Go to first unread
Last post: Yesterday at 5:41:10 PM(UTC)
Report Center Local admin group report based on domain role
by  JacobH   Go to last post Go to first unread
Last post: Yesterday at 5:24:13 PM(UTC)
Lansweeper Number of scanned IPs
by  wayneRex   Go to last post Go to first unread
Last post: Yesterday at 10:21:01 AM(UTC)
Lansweeper Ticket Summary by Agent?
by  susan.starr   Go to last post Go to first unread
Last post: 9/17/2019 4:41:26 PM(UTC)
Report Center Virtual machines and their host
by  klaus   Go to last post Go to first unread
Last post: 9/17/2019 8:44:57 AM(UTC)