CVE-2019-3717

high-risk
Published 2019-08-05

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

Do I need to act?

EPSS score: 0.07% chance of exploitation (low exploit probability)
CISA KEV: not on the list (no confirmed active exploitation reported to CISA)
Patch status: unknown (check vendor advisories for fix availability and mitigation guidance)
CVSS: 6.8/10 Medium (PHYSICAL / LOW complexity)

Affected Products (20)

Chengming 3967 Firmware
Chengming 3977 Firmware
G5 5587 Firmware
G5 5590 Firmware
G7 7588 Firmware
G7 7590 Firmware
G7 7790 Firmware
Inspiron 3153 Firmware
Inspiron 3158 Firmware
Inspiron 5368 Firmware
Inspiron 5378 Firmware
Inspiron 5379 Firmware
Inspiron 7353 Firmware
Inspiron 7359 Firmware
Inspiron 7368 Firmware
Inspiron 7373 Firmware

Affected Vendors

55 / 100 (high-risk)
Severity 22/34 · High
Exploitability 0/34 · Minimal
Exposure 33/34 · Critical