Vulnerability Description
An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Update Package Framework | < 3.8.3.67 |
| Dell | Client Platforms | - |
| Dell | Emc Servers | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/article/SLN318693Vendor Advisory
- https://www.dell.com/support/article/SLN318693Vendor Advisory
FAQ
What is CVE-2019-3726?
CVE-2019-3726 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in...
How severe is CVE-2019-3726?
CVE-2019-3726 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3726?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Update Package Framework, Dell Client Platforms, Dell Emc Servers.