CVE-2020-5324

EPSS 0.1%
Published 21.02.2020 15:15:12
Last modified 21.11.2024 05:33:54
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ G3 3579 Firmware Version < 1.11.0

Dell ≫ G3 3579 Version-

Dell ≫ G3 3779 Firmware Version < 1.11.0

Dell ≫ G3 3779 Version-

Dell ≫ G3 15 3590 Firmware Version < 1.9.2

Dell ≫ G3 15 3590 Version-

Dell ≫ G5 15 5590 Firmware Version < 1.11.1

Dell ≫ G5 15 5590 Version-

Dell ≫ G5 5090 Firmware Version < 1.1.2

Dell ≫ G5 5090 Version-

Dell ≫ G5 5587 Firmware Version < 1.12.2

Dell ≫ G5 5587 Version-

Dell ≫ G7 15 7590 Firmware Version < 1.11.1

Dell ≫ G7 15 7590 Version-

Dell ≫ G7 17 7790 Firmware Version < 1.11.1

Dell ≫ G7 17 7790 Version-

Dell ≫ G7 7588 Firmware Version < 1.12.2

Dell ≫ G7 7588 Version-

Dell ≫ Inspiron 14 5490 Firmware Version < 1.4.0

Dell ≫ Inspiron 14 5490 Version-

Dell ≫ Inspiron 3480 Firmware Version < 1.7.0

Dell ≫ Inspiron 3480 Version-

Dell ≫ Inspiron 3481 Firmware Version < 1.6.0

Dell ≫ Inspiron 3481 Version-

Dell ≫ Inspiron 3490 Firmware Version < 1.5.0

Dell ≫ Inspiron 3490 Version-

Dell ≫ Inspiron 3493 Firmware Version < 1.4.0

Dell ≫ Inspiron 3493 Version-

Dell ≫ Inspiron 3580 Firmware Version < 1.7.0

Dell ≫ Inspiron 3580 Version-

Dell ≫ Inspiron 3581 Firmware Version < 1.6.0

Dell ≫ Inspiron 3581 Version-

Dell ≫ Inspiron 3583 Firmware Version < 1.7.0

Dell ≫ Inspiron 3583 Version-

Dell ≫ Inspiron 3584 Firmware Version < 1.6.0

Dell ≫ Inspiron 3584 Version-

Dell ≫ Inspiron 3590 Firmware Version < 1.5.0

Dell ≫ Inspiron 3590 Version-

Dell ≫ Inspiron 3593 Firmware Version < 1.4.0

Dell ≫ Inspiron 3593 Version-

Dell ≫ Inspiron 3780 Firmware Version < 1.7.0

Dell ≫ Inspiron 3780 Version-

Dell ≫ Inspiron 3781 Firmware Version < 1.6.0

Dell ≫ Inspiron 3781 Version-

Dell ≫ Inspiron 3790 Firmware Version < 1.5.0

Dell ≫ Inspiron 3790 Version-

Dell ≫ Inspiron 3793 Firmware Version < 1.4.0

Dell ≫ Inspiron 3793 Version-

Dell ≫ Inspiron 5390 Firmware Version < 1.7.1

Dell ≫ Inspiron 5390 Version-

Dell ≫ Inspiron 5391 Firmware Version < 1.3.0

Dell ≫ Inspiron 5391 Version-

Dell ≫ Inspiron 5480 Firmware Version < 2.6.1

Dell ≫ Inspiron 5480 Version-

Dell ≫ Inspiron 5481 Firmware Version < 2.6.1

Dell ≫ Inspiron 5481 Version-

Dell ≫ Inspiron 5482 Firmware Version <= 2.6.1

Dell ≫ Inspiron 5482 Version-

Dell ≫ Inspiron 5491 Firmware Version < 1.4.0

Dell ≫ Inspiron 5491 Version-

Dell ≫ Inspiron 5493 Firmware Version < 1.4.0

Dell ≫ Inspiron 5493 Version-

Dell ≫ Inspiron 5494 Firmware Version < 1.5.0

Dell ≫ Inspiron 5494 Version-

Dell ≫ Inspiron 5498 Firmware Version < 1.4.0

Dell ≫ Inspiron 5498 Version-

Dell ≫ Inspiron 5580 Firmware Version < 2.6.1

Dell ≫ Inspiron 5580 Version-

Dell ≫ Inspiron 5582 Firmware Version < 2.6.1

Dell ≫ Inspiron 5582 Version-

Dell ≫ Inspiron 5583 Firmware Version < 1.9.1

Dell ≫ Inspiron 5583 Version-

Dell ≫ Inspiron 5584 Firmware Version < 1.9.1

Dell ≫ Inspiron 5584 Version-

Dell ≫ Inspiron 5590 Firmware Version < 1.4.0

Dell ≫ Inspiron 5590 Version-

Dell ≫ Inspiron 5591 Firmware Version < 1.4.0

Dell ≫ Inspiron 5591 Version-

Dell ≫ Inspiron 5593 Firmware Version < 1.4.0

Dell ≫ Inspiron 5593 Version-

Dell ≫ Inspiron 5594 Firmware Version < 1.5.0

Dell ≫ Inspiron 5594 Version-

Dell ≫ Inspiron 5598 Firmware Version < 1.4.0

Dell ≫ Inspiron 5598 Version-

Dell ≫ Inspiron 7380 Firmware Version < 1.10.0

Dell ≫ Inspiron 7380 Version-

Dell ≫ Inspiron 7386 Firmware Version < 1.7.0

Dell ≫ Inspiron 7386 Version-

Dell ≫ Inspiron 7390 Firmware Version < 1.7.1

Dell ≫ Inspiron 7390 Version-

Dell ≫ Inspiron 7391 Firmware Version < 1.3.0

Dell ≫ Inspiron 7391 Version-

Dell ≫ Inspiron 7490 Firmware Version < 1.2.1

Dell ≫ Inspiron 7490 Version-

Dell ≫ Inspiron 7580 Firmware Version < 1.10.0

Dell ≫ Inspiron 7580 Version-

Dell ≫ Inspiron 7586 Firmware Version < 1.7.0

Dell ≫ Inspiron 7586 Version-

Dell ≫ Inspiron 7590 Firmware Version < 1.5.1

Dell ≫ Inspiron 7590 Version-

Dell ≫ Inspiron 7591 Firmware Version < 1.5.1

Dell ≫ Inspiron 7591 Version-

Dell ≫ Inspiron 7786 Firmware Version < 1.7.0

Dell ≫ Inspiron 7786 Version-

Dell ≫ Inspiron 7791 Firmware Version < 1.3.1

Dell ≫ Inspiron 7791 Version-

Dell ≫ Latitude 3301 Firmware Version < 1.7.0

Dell ≫ Latitude 3301 Version-

Dell ≫ Latitude 3300 Firmware Version < 1.7.2

Dell ≫ Latitude 3300 Version-

Dell ≫ Latitude 3311 Firmware Version < 1.3.0

Dell ≫ Latitude 3311 Version-

Dell ≫ Latitude 3390 Firmware Version < 1.12.0

Dell ≫ Latitude 3390 Version-

Dell ≫ Latitude 3400 Firmware Version < 1.9.2

Dell ≫ Latitude 3400 Version-

Dell ≫ Latitude 3490 Firmware Version < 1.11.0

Dell ≫ Latitude 3490 Version-

Dell ≫ Latitude 3500 Firmware Version < 1.9.2

Dell ≫ Latitude 3500 Version-

Dell ≫ Latitude 3590 Firmware Version < 1.11.0

Dell ≫ Latitude 3590 Version-

Dell ≫ Latitude 5290 Firmware Version < 1.12.1

Dell ≫ Latitude 5290 Version-

Dell ≫ Latitude 5300 Firmware Version < 1.7.2

Dell ≫ Latitude 5300 Version-

Dell ≫ Latitude 5400 Firmware Version < 1.6.3

Dell ≫ Latitude 5400 Version-

Dell ≫ Latitude 5401 Firmware Version < 1.6.1

Dell ≫ Latitude 5401 Version-

Dell ≫ Latitude 5420 Rugged Firmware Version < 1.8.5

Dell ≫ Latitude 5420 Rugged Version-

Dell ≫ Latitude 5424 Rugged Firmware Version < 1.8.5

Dell ≫ Latitude 5424 Rugged Version-

Dell ≫ Latitude 5490 Firmware Version < 1.12.1

Dell ≫ Latitude 5490 Version-

Dell ≫ Latitude 5491 Firmware Version < 1.11.1

Dell ≫ Latitude 5491 Version-

Dell ≫ Latitude 5500 Firmware Version < 1.6.3

Dell ≫ Latitude 5500 Version-

Dell ≫ Latitude 5501 Firmware Version < 1.6.1

Dell ≫ Latitude 5501 Version-

Dell ≫ Latitude 5590 Firmware Version < 1.12.1

Dell ≫ Latitude 5590 Version-

Dell ≫ Latitude 5591 Firmware Version < 1.11.1

Dell ≫ Latitude 5591 Version-

Dell ≫ Latitude 7200 Firmware Version < 1.6.2

Dell ≫ Latitude 7200 Version-

Dell ≫ Latitude 7220 Rugged Extreme Tablet Firmware Version < 1.3.1

Dell ≫ Latitude 7220 Rugged Extreme Tablet Version-

Dell ≫ Latitude 7220ex Rugged Extreme Tablet Firmware Version < 1.3.1

Dell ≫ Latitude 7220ex Rugged Extreme Tablet Version-

Dell ≫ Latitude 7290 Firmware Version < 1.13.1

Dell ≫ Latitude 7290 Version-

Dell ≫ Latitude 7300 Firmware Version < 1.6.1

Dell ≫ Latitude 7300 Version-

Dell ≫ Latitude 7390 Firmware Version < 1.13.1

Dell ≫ Latitude 7390 Version-

Dell ≫ Latitude 7400 Firmware Version < 1.6.1

Dell ≫ Latitude 7400 Version-

Dell ≫ Latitude 7424 Rugged Extreme Firmware Version < 1.8.5

Dell ≫ Latitude 7424 Rugged Extreme Version-

Dell ≫ Latitude 7490 Firmware Version < 1.13.1

Dell ≫ Latitude 7490 Version-

Dell ≫ Precision 3530 Firmware Version < 1.11.1

Dell ≫ Precision 3530 Version-

Dell ≫ Precision 3540 Firmware Version < 1.6.3

Dell ≫ Precision 3540 Version-

Dell ≫ Precision 3541 Firmware Version < 1.6.1

Dell ≫ Precision 3541 Version-

Dell ≫ Precision 5530 Firmware Version < 1.14.0

Dell ≫ Precision 5530 Version-

Dell ≫ Precision 5540 Firmware Version < 1.6.3

Dell ≫ Precision 5540 Version-

Dell ≫ Precision 7530 Firmware Version < 1.12.1

Dell ≫ Precision 7530 Version-

Dell ≫ Precision 7540 Firmware Version < 1.5.1

Dell ≫ Precision 7540 Version-

Dell ≫ Precision 7730 Firmware Version < 1.12.1

Dell ≫ Precision 7730 Version-

Dell ≫ Precision 7740 Firmware Version < 1.5.1

Dell ≫ Precision 7740 Version-

Dell ≫ Vostro 15 7580 Firmware Version < 1.12.2

Dell ≫ Vostro 15 7580 Version-

Dell ≫ Vostro 3480 Firmware Version < 1.7.0

Dell ≫ Vostro 3480 Version-

Dell ≫ Vostro 3481 Firmware Version < 1.6.0

Dell ≫ Vostro 3481 Version-

Dell ≫ Vostro 3490 Firmware Version < 1.5.0

Dell ≫ Vostro 3490 Version-

Dell ≫ Vostro 3580 Firmware Version < 1.7.0

Dell ≫ Vostro 3580 Version-

Dell ≫ Vostro 3581 Firmware Version < 1.6.0

Dell ≫ Vostro 3581 Version-

Dell ≫ Vostro 3583 Firmware Version < 1.7.0

Dell ≫ Vostro 3583 Version-

Dell ≫ Vostro 3584 Firmware Version < 1.6.0

Dell ≫ Vostro 3584 Version-

Dell ≫ Vostro 3590 Firmware Version < 1.5.0

Dell ≫ Vostro 3590 Version-

Dell ≫ Vostro 5390 Firmware Version < 1.7.1

Dell ≫ Vostro 5390 Version-

Dell ≫ Vostro 5391 Firmware Version < 1.3.0

Dell ≫ Vostro 5391 Version-

Dell ≫ Vostro 5481 Firmware Version < 2.6.1

Dell ≫ Vostro 5481 Version-

Dell ≫ Vostro 5490 Firmware Version < 1.4.0

Dell ≫ Vostro 5490 Version-

Dell ≫ Vostro 5581 Firmware Version < 2.6.1

Dell ≫ Vostro 5581 Version-

Dell ≫ Vostro 5590 Firmware Version < 1.4.0

Dell ≫ Vostro 5590 Version-

Dell ≫ Vostro 7590 Firmware Version < 1.5.1

Dell ≫ Vostro 7590 Version-

Dell ≫ Wyse 5070 Thin Client Firmware Version < 1.4.2

Dell ≫ Wyse 5070 Thin Client Version-

Dell ≫ Wyse 5470 Firmware Version < 1.2.1

Dell ≫ Wyse 5470 Version-

Dell ≫ Xps 13 9380 Firmware Version < 1.9.1

Dell ≫ Xps 13 9380 Version-

Dell ≫ Xps 15 9575 Firmware Version < 1.10.0

Dell ≫ Xps 15 9575 Version-

Dell ≫ Xps 15 7590 Firmware Version < 1.4.0

Dell ≫ Xps 15 7590 Version-

Dell ≫ Xps 15 9570 Firmware Version < 1.14.0

Dell ≫ Xps 15 9570 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.283

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	2.6	1.9	4.9	AV:L/AC:H/Au:N/C:N/I:P/A:P
security_alert@emc.com	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://www.dell.com/support/article/SLN320348

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5324

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5324

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5324

EUVD