Dell has patched two high-severity vulnerabilities in its SupportAssist software. The flaws could enable remote code-execution (RCE) and cross-site request forgery (CSRF) attacks. The software helps users remove viruses or detect security issues on their PCs. An unauthenticated attacker could exploit the flaw but they would need to share the network access layer with the vulnerable system. The second flaw is an improper origin validation vulnerability (CVE-2019-3718) with a ranking of 8.8.
Source: https://threatpost.com/dell-flaws-security-support-tool/144295/