Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Dell Foundation Services 'Service Tag' Remote Information Disclosure
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
An issue in Dell Foundation Services, version 2.3.3800.0A00 and below, can be exploited by a malicious website to leak the Dell service tag of a Dell system, which can be used for tracking purposes, or for social engineering.
Insight
Insight
Dell Foundation Services starts a HTTPd that listens on port 7779. Generally, requests to the API exposed by this HTTPd must be requests signed using a RSA-1024 key and hashed with SHA512. One of the JSONP API endpoints to obtain the service tag does not need a valid signature to be provided. Thus, any website can call it.
Affected Software
Affected Software
Dell Foundation Services 2.3.3800.0A00 and below.
Detection Method
Detection Method
Send a HTTP GET request and check the response.
Solution
Solution
Update to a Dell Foundation Services > 2.3.3800.0A00 or uninstall Dell Foundation Services