Hello, welcome to the Thursday, May 2nd, 2019 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Augusta, Georgia.

If you have a Dell computer, make sure that the support assist software that's delivered by default on most Dell computers has either

been disabled or updated. Dell patched a critical vulnerability in this software that could lead

to remote code execution. The problem here is the ever so ubiquitous cross-site request forging

problem. The Dell Support Assist does run a rest API that's only accessible via local hosts,

so you would think, well, not easily accessible for a remote attacker, but your browser can easily be tricked into sending

a request to this API since the API does not verify the origin of the request.

The API is all powerful, allows you to download and execute software.

It's intended for, as the name implies, support purposes and also to allow you to install updates and the like.

And that's really what this API is supposed to accomplish.

But due to the missing origin check, anybody whose website you visit is able to send requests to the API

triggering these updates and downloads. Bill Demarcopi found this vulnerability originally

October 26th last year reported it to Dell. Dell released an update for this vulnerability about two weeks ago,

and on Monday, Bill published a blog post with details about this vulnerability,

including proof-of-concept exploits.

And then we got 14 vulnerabilities in the AM 100 and AM100 and 1stress on Air Media Presentation Gateway.

These are devices that allow you to present wirelessly from a laptop or a mobile device.

And sadly, many of these 14 vulnerabilities do allow remote code

execution. To make things even more interesting, Creston announced that for some of these

vulnerabilities you may receive a patch end of the month. For others, you do have to wait until July.

I've seen these devices in multiple hotels, also at universities. Now, the product itself has

...