ID

VAR-201910-0271


CVE

CVE-2019-3745


TITLE

Dell Encryption Enterprise and Endpoint Security Suite Enterprise Vulnerabilities related to untrusted search paths

Trust: 0.8

sources: JVNDB: JVNDB-2019-010588

DESCRIPTION

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local, authenticated, low-privileged user could potentially exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator. The product includes features such as compliance management, authentication, disk data encryption, and port encryption. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products.

Trust: 1.71

sources: NVD: CVE-2019-3745 // JVNDB: JVNDB-2019-010588 // VULHUB: VHN-155180

AFFECTED PRODUCTS

vendor: dell // model: endpoint security suite enterprise // scope: lt // version: 2.4.0

Trust: 1.8

vendor: dell // model: encryption // scope: lt // version: 10.4.0

Trust: 1.0

vendor: dell // model: encryption enterprise // scope: lt // version: 10.4.0

Trust: 0.8

vendor: dell // model: encryption // scope: eq // version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-010588 // CNNVD: CNNVD-201910-275 // NVD: CVE-2019-3745

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-3745
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2019-3745
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3745
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201910-275
value: HIGH

Trust: 0.6

VULHUB: VHN-155180
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-3745
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155180
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-3745
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3745
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-3745
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155180 // JVNDB: JVNDB-2019-010588 // CNNVD: CNNVD-201910-275 // NVD: CVE-2019-3745 // NVD: CVE-2019-3745

PROBLEMTYPE DATA

problemtype: CWE-426

Trust: 1.9

problemtype: CWE-427

Trust: 1.0

sources: VULHUB: VHN-155180 // JVNDB: JVNDB-2019-010588 // NVD: CVE-2019-3745

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-275

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201910-275

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010588

PATCH

title: DSA-2019-107: Dell Encryption Enterprise and Dell Endpoint Security Suite Enterprise Installer Uncontrolled Search Path Vulnerability // url: https://www.dell.com/support/article/jp/ja/jpdhs1/sln318889/dsa-2019-107-dell-encryption-enterprise-and-dell-endpoint-security-suite-enterprise-installer-uncontrolled-search-path-vulnerability?lang=en

Trust: 0.8

title: Dell Encryption Enterprise Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98984

Trust: 0.6

sources: JVNDB: JVNDB-2019-010588 // CNNVD: CNNVD-201910-275

EXTERNAL IDS

db: NVD // id: CVE-2019-3745

Trust: 2.5

db: JVNDB // id: JVNDB-2019-010588

Trust: 0.8

db: CNNVD // id: CNNVD-201910-275

Trust: 0.7

db: CNVD // id: CNVD-2020-15716

Trust: 0.1

db: VULHUB // id: VHN-155180

Trust: 0.1

sources: VULHUB: VHN-155180 // JVNDB: JVNDB-2019-010588 // CNNVD: CNNVD-201910-275 // NVD: CVE-2019-3745

REFERENCES

url: https://www.dell.com/support/article/sln318889

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-3745

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3745

Trust: 0.8

sources: VULHUB: VHN-155180 // JVNDB: JVNDB-2019-010588 // CNNVD: CNNVD-201910-275 // NVD: CVE-2019-3745

SOURCES

db: VULHUB // id: VHN-155180
db: JVNDB // id: JVNDB-2019-010588
db: CNNVD // id: CNNVD-201910-275
db: NVD // id: CVE-2019-3745

LAST UPDATE DATE

2024-11-23T22:16:49.037000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-155180 // date: 2019-10-11T00:00:00
db: JVNDB // id: JVNDB-2019-010588 // date: 2019-10-17T00:00:00
db: CNNVD // id: CNNVD-201910-275 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2019-3745 // date: 2024-11-21T04:42:27.210

SOURCES RELEASE DATE

db: VULHUB // id: VHN-155180 // date: 2019-10-07T00:00:00
db: JVNDB // id: JVNDB-2019-010588 // date: 2019-10-17T00:00:00
db: CNNVD // id: CNNVD-201910-275 // date: 2019-10-07T00:00:00
db: NVD // id: CVE-2019-3745 // date: 2019-10-07T19:15:11.047