CVE-2019-3717

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

Published: 2019-08-05 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2019-3717 is rated Low Risk (37.2/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.36%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2019-3717

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.07% 0.36% +0.29%
2 2025-03-30 0.23% 0.07% -0.16%
3 2025-03-29 0.23%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2019-3717

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 3.1 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.9 5.9 [email protected]
7.1 3.0 HIGH
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.5 6.0 [email protected]
7.2 2.0 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
3.9 10.0 [email protected]

Weakness enumeration for CVE-2019-3717

Affected software / configurations for CVE-2019-3717

Vendor Product Version Raw CPE
dell chengming_3967_firmware < 1.5.0 cpe:2.3:o:dell:chengming_3967_firmware:*:*:*:*:*:*:*:*
dell chengming_3977_firmware < 1.6.0 cpe:2.3:o:dell:chengming_3977_firmware:*:*:*:*:*:*:*:*
dell chengming_3980_firmware < 1.5.21 cpe:2.3:o:dell:chengming_3980_firmware:*:*:*:*:*:*:*:*
dell g3_3579_firmware < 1.9.0 cpe:2.3:o:dell:g3_3579_firmware:*:*:*:*:*:*:*:*
dell g3_3779_firmware < 1.9.0 cpe:2.3:o:dell:g3_3779_firmware:*:*:*:*:*:*:*:*
dell g5_5587_firmware < 1.10.0 cpe:2.3:o:dell:g5_5587_firmware:*:*:*:*:*:*:*:*
dell g5_5590_firmware < 1.3.1 cpe:2.3:o:dell:g5_5590_firmware:*:*:*:*:*:*:*:*
dell g7_7588_firmware < 1.10.0 cpe:2.3:o:dell:g7_7588_firmware:*:*:*:*:*:*:*:*
dell g7_7590_firmware < 1.3.1 cpe:2.3:o:dell:g7_7590_firmware:*:*:*:*:*:*:*:*
dell g7_7790_firmware < 1.3.1 cpe:2.3:o:dell:g7_7790_firmware:*:*:*:*:*:*:*:*
dell embedded_box_pc_5000_firmware < 1.5.6 cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:*
dell inspiron_3153_firmware < 1.22.0 cpe:2.3:o:dell:inspiron_3153_firmware:*:*:*:*:*:*:*:*
dell inspiron_3158_firmware < 1.22.0 cpe:2.3:o:dell:inspiron_3158_firmware:*:*:*:*:*:*:*:*
dell inspiron_5368_firmware < 1.19.0 cpe:2.3:o:dell:inspiron_5368_firmware:*:*:*:*:*:*:*:*
dell inspiron_5378_firmware < 1.27.0 cpe:2.3:o:dell:inspiron_5378_firmware:*:*:*:*:*:*:*:*
dell inspiron_5379_firmware < 1.11.0 cpe:2.3:o:dell:inspiron_5379_firmware:*:*:*:*:*:*:*:*
dell inspiron_7353_firmware < 1.22.0 cpe:2.3:o:dell:inspiron_7353_firmware:*:*:*:*:*:*:*:*
dell inspiron_7359_firmware < 1.22.0 cpe:2.3:o:dell:inspiron_7359_firmware:*:*:*:*:*:*:*:*
dell inspiron_7368_firmware < 1.19.0 cpe:2.3:o:dell:inspiron_7368_firmware:*:*:*:*:*:*:*:*
dell inspiron_7373_firmware < 1.13.1 cpe:2.3:o:dell:inspiron_7373_firmware:*:*:*:*:*:*:*:*
dell inspiron_7378_firmware < 1.27.0 cpe:2.3:o:dell:inspiron_7378_firmware:*:*:*:*:*:*:*:*
dell inspiron_7370_firmware < 1.13.1 cpe:2.3:o:dell:inspiron_7370_firmware:*:*:*:*:*:*:*:*
dell inspiron_3459_firmware < 1.9.0 cpe:2.3:o:dell:inspiron_3459_firmware:*:*:*:*:*:*:*:*
dell inspiron_3467_firmware < 2.9.0 cpe:2.3:o:dell:inspiron_3467_firmware:*:*:*:*:*:*:*:*
dell inspiron_3468_firmware < 1.12.0 cpe:2.3:o:dell:inspiron_3468_firmware:*:*:*:*:*:*:*:*
dell inspiron_5468_firmware < 1.9.1 cpe:2.3:o:dell:inspiron_5468_firmware:*:*:*:*:*:*:*:*
dell inspiron_7460_firmware < 1.10.0 cpe:2.3:o:dell:inspiron_7460_firmware:*:*:*:*:*:*:*:*
dell inspiron_7466_firmware < 1.4.0 cpe:2.3:o:dell:inspiron_7466_firmware:*:*:*:*:*:*:*:*
dell inspiron_7467_firmware < 1.9.0 cpe:2.3:o:dell:inspiron_7467_firmware:*:*:*:*:*:*:*:*
dell inspiron_3458_firmware < a18 cpe:2.3:o:dell:inspiron_3458_firmware:*:*:*:*:*:*:*:*
dell inspiron_3559_firmware < 1.9.0 cpe:2.3:o:dell:inspiron_3559_firmware:*:*:*:*:*:*:*:*
dell inspiron_3567_firmware < 2.9.0 cpe:2.3:o:dell:inspiron_3567_firmware:*:*:*:*:*:*:*:*
dell inspiron_3568_firmware < 1.12.0 cpe:2.3:o:dell:inspiron_3568_firmware:*:*:*:*:*:*:*:*
dell inspiron_5566_firmware < 1.9.1 cpe:2.3:o:dell:inspiron_5566_firmware:*:*:*:*:*:*:*:*
dell inspiron_5567_firmware < 1.2.7 cpe:2.3:o:dell:inspiron_5567_firmware:*:*:*:*:*:*:*:*
dell inspiron_7560_firmware < 1.10.0 cpe:2.3:o:dell:inspiron_7560_firmware:*:*:*:*:*:*:*:*
dell inspiron_5568_firmware < 1.19.0 cpe:2.3:o:dell:inspiron_5568_firmware:*:*:*:*:*:*:*:*
dell inspiron_5578_firmware < 1.27.0 cpe:2.3:o:dell:inspiron_5578_firmware:*:*:*:*:*:*:*:*
dell inspiron_5579_firmware < 1.11.0 cpe:2.3:o:dell:inspiron_5579_firmware:*:*:*:*:*:*:*:*
dell inspiron_7568_firmware < 1.22.0 cpe:2.3:o:dell:inspiron_7568_firmware:*:*:*:*:*:*:*:*
dell inspiron_7569_firmware < 1.19.0 cpe:2.3:o:dell:inspiron_7569_firmware:*:*:*:*:*:*:*:*
dell inspiron_7573_firmware < 1.13.1 cpe:2.3:o:dell:inspiron_7573_firmware:*:*:*:*:*:*:*:*
dell inspiron_7579_firmware < 1.27.0 cpe:2.3:o:dell:inspiron_7579_firmware:*:*:*:*:*:*:*:*
dell inspiron_7570_firmware < 1.13.1 cpe:2.3:o:dell:inspiron_7570_firmware:*:*:*:*:*:*:*:*
dell inspiron_7566_firmware < 1.4.0 cpe:2.3:o:dell:inspiron_7566_firmware:*:*:*:*:*:*:*:*
dell inspiron_7567_firmware < 1.9.0 cpe:2.3:o:dell:inspiron_7567_firmware:*:*:*:*:*:*:*:*
dell inspiron_7577_firmware < 1.7.0 cpe:2.3:o:dell:inspiron_7577_firmware:*:*:*:*:*:*:*:*
dell inspiron_3558_firmware < a18 cpe:2.3:o:dell:inspiron_3558_firmware:*:*:*:*:*:*:*:*
dell inspiron_5767_firmware < 1.2.7 cpe:2.3:o:dell:inspiron_5767_firmware:*:*:*:*:*:*:*:*
dell inspiron_7773_firmware < 1.11.0 cpe:2.3:o:dell:inspiron_7773_firmware:*:*:*:*:*:*:*:*
dell inspiron_7778_firmware < 1.19.0 cpe:2.3:o:dell:inspiron_7778_firmware:*:*:*:*:*:*:*:*
dell inspiron_7779_firmware < 1.27.0 cpe:2.3:o:dell:inspiron_7779_firmware:*:*:*:*:*:*:*:*
dell inspiron_3268_firmware < 1.11.1 cpe:2.3:o:dell:inspiron_3268_firmware:*:*:*:*:*:*:*:*
dell inspiron_3470_firmware < 1.5.21 cpe:2.3:o:dell:inspiron_3470_firmware:*:*:*:*:*:*:*:*
dell inspiron_3476_firmware < 1.7.0 cpe:2.3:o:dell:inspiron_3476_firmware:*:*:*:*:*:*:*:*
dell inspiron_3480_firmware < 1.4.1 cpe:2.3:o:dell:inspiron_3480_firmware:*:*:*:*:*:*:*:*
dell inspiron_3481_firmware < 1.2.0 cpe:2.3:o:dell:inspiron_3481_firmware:*:*:*:*:*:*:*:*
dell inspiron_3576_firmware < 1.7.0 cpe:2.3:o:dell:inspiron_3576_firmware:*:*:*:*:*:*:*:*
dell inspiron_3580_firmware < 1.4.1 cpe:2.3:o:dell:inspiron_3580_firmware:*:*:*:*:*:*:*:*
dell inspiron_3583_firmware < 1.4.1 cpe:2.3:o:dell:inspiron_3583_firmware:*:*:*:*:*:*:*:*
dell inspiron_3581_firmware < 1.2.0 cpe:2.3:o:dell:inspiron_3581_firmware:*:*:*:*:*:*:*:*
dell inspiron_3584_firmware < 1.2.0 cpe:2.3:o:dell:inspiron_3584_firmware:*:*:*:*:*:*:*:*
dell inspiron_3668_firmware < 1.11.1 cpe:2.3:o:dell:inspiron_3668_firmware:*:*:*:*:*:*:*:*
dell inspiron_670_firmware < 1.5.21 cpe:2.3:o:dell:inspiron_670_firmware:*:*:*:*:*:*:*:*
dell inspiron_3780_firmware < 1.4.1 cpe:2.3:o:dell:inspiron_3780_firmware:*:*:*:*:*:*:*:*
dell inspiron_3781_firmware < 1.2.0 cpe:2.3:o:dell:inspiron_3781_firmware:*:*:*:*:*:*:*:*
dell inspiron_5370_firmware < 1.11.1 cpe:2.3:o:dell:inspiron_5370_firmware:*:*:*:*:*:*:*:*
dell inspiron_5457_firmware < 1.6.0 cpe:2.3:o:dell:inspiron_5457_firmware:*:*:*:*:*:*:*:*
dell inspiron_5458_firmware < a17 cpe:2.3:o:dell:inspiron_5458_firmware:*:*:*:*:*:*:*:*
dell inspiron_5459_firmware < 1.7.0 cpe:2.3:o:dell:inspiron_5459_firmware:*:*:*:*:*:*:*:*
dell inspiron_5480_firmware < 2.2.0 cpe:2.3:o:dell:inspiron_5480_firmware:*:*:*:*:*:*:*:*
dell inspiron_5481_firmware < 2.2.0 cpe:2.3:o:dell:inspiron_5481_firmware:*:*:*:*:*:*:*:*
dell inspiron_5482_firmware < 2.2.0 cpe:2.3:o:dell:inspiron_5482_firmware:*:*:*:*:*:*:*:*
dell inspiron_5557_firmware < 1.6.0 cpe:2.3:o:dell:inspiron_5557_firmware:*:*:*:*:*:*:*:*
dell inspiron_5558_firmware < a17 cpe:2.3:o:dell:inspiron_5558_firmware:*:*:*:*:*:*:*:*
dell inspiron_5559_firmware < 1.7.0 cpe:2.3:o:dell:inspiron_5559_firmware:*:*:*:*:*:*:*:*
dell inspiron_5570_firmware < 1.2.1 cpe:2.3:o:dell:inspiron_5570_firmware:*:*:*:*:*:*:*:*
dell inspiron_5580_firmware < 2.2.0 cpe:2.3:o:dell:inspiron_5580_firmware:*:*:*:*:*:*:*:*
dell inspiron_5582_firmware < 2.2.0 cpe:2.3:o:dell:inspiron_5582_firmware:*:*:*:*:*:*:*:*
dell inspiron_5758_firmware < a17 cpe:2.3:o:dell:inspiron_5758_firmware:*:*:*:*:*:*:*:*

References for CVE-2019-3717

cvelogic Threat Intelligence