CVE-2019-3717
Last modified
CVE-2019-3717 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Chengming 3967 Firmware | < 1.5.0 |
| Dell | Chengming 3977 Firmware | < 1.6.0 |
| Dell | Chengming 3980 Firmware | < 1.5.21 |
| Dell | G3 3579 Firmware | < 1.9.0 |
| Dell | G3 3779 Firmware | < 1.9.0 |
| Dell | G5 5587 Firmware | < 1.10.0 |
| Dell | G5 5590 Firmware | < 1.3.1 |
| Dell | G7 7588 Firmware | < 1.10.0 |
| Dell | G7 7590 Firmware | < 1.3.1 |
| Dell | G7 7790 Firmware | < 1.3.1 |
| Dell | Embedded Box Pc 5000 Firmware | < 1.5.6 |
| Dell | Inspiron 3153 Firmware | < 1.22.0 |
| Dell | Inspiron 3158 Firmware | < 1.22.0 |
| Dell | Inspiron 5368 Firmware | < 1.19.0 |
| Dell | Inspiron 5378 Firmware | < 1.27.0 |
| Dell | Inspiron 5379 Firmware | < 1.11.0 |
| Dell | Inspiron 7353 Firmware | < 1.22.0 |
| Dell | Inspiron 7359 Firmware | < 1.22.0 |
| Dell | Inspiron 7368 Firmware | < 1.19.0 |
| Dell | Inspiron 7373 Firmware | < 1.13.1 |
| Dell | Inspiron 7378 Firmware | < 1.27.0 |
| Dell | Inspiron 7370 Firmware | < 1.13.1 |
| Dell | Inspiron 3459 Firmware | < 1.9.0 |
| Dell | Inspiron 3467 Firmware | < 2.9.0 |
| Dell | Inspiron 3468 Firmware | < 1.12.0 |
| Dell | Inspiron 5468 Firmware | < 1.9.1 |
| Dell | Inspiron 7460 Firmware | < 1.10.0 |
| Dell | Inspiron 7466 Firmware | < 1.4.0 |
| Dell | Inspiron 7467 Firmware | < 1.9.0 |
| Dell | Inspiron 3458 Firmware | < a18 |
| Dell | Inspiron 3559 Firmware | < 1.9.0 |
| Dell | Inspiron 3567 Firmware | < 2.9.0 |
| Dell | Inspiron 3568 Firmware | < 1.12.0 |
| Dell | Inspiron 5566 Firmware | < 1.9.1 |
| Dell | Inspiron 5567 Firmware | < 1.2.7 |
| Dell | Inspiron 7560 Firmware | < 1.10.0 |
| Dell | Inspiron 5568 Firmware | < 1.19.0 |
| Dell | Inspiron 5578 Firmware | < 1.27.0 |
| Dell | Inspiron 5579 Firmware | < 1.11.0 |
| Dell | Inspiron 7568 Firmware | < 1.22.0 |
| Dell | Inspiron 7569 Firmware | < 1.19.0 |
| Dell | Inspiron 7573 Firmware | < 1.13.1 |
| Dell | Inspiron 7579 Firmware | < 1.27.0 |
| Dell | Inspiron 7570 Firmware | < 1.13.1 |
| Dell | Inspiron 7566 Firmware | < 1.4.0 |
| Dell | Inspiron 7567 Firmware | < 1.9.0 |
| Dell | Inspiron 7577 Firmware | < 1.7.0 |
| Dell | Inspiron 3558 Firmware | < a18 |
| Dell | Inspiron 5767 Firmware | < 1.2.7 |
| Dell | Inspiron 7773 Firmware | < 1.11.0 |
Showing 50 of 241 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-3717?
How severe is CVE-2019-3717?
How do I fix CVE-2019-3717?
Are you affected by CVE-2019-3717?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST