CVE-2020-5363

EPSS 0.05%
Published 10.06.2020 21:15:11
Last modified 21.11.2024 05:34:00
Source security_alert@emc.com
Teams watchlist Login
Open Login

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Latitude 5300 Firmware Version < 1.9.4

Dell ≫ Latitude 5300 Version-

Dell ≫ Latitude 5300 2-in-1 Firmware Version < 1.9.4

Dell ≫ Latitude 5300 2-in-1 Version-

Dell ≫ Latitude 5400 Firmware Version < 1.7.4

Dell ≫ Latitude 5400 Version-

Dell ≫ Latitude 5401 Firmware Version < 1.8.4

Dell ≫ Latitude 5401 Version-

Dell ≫ Latitude 5500 Firmware Version < 1.7.4

Dell ≫ Latitude 5500 Version-

Dell ≫ Latitude 5501 Firmware Version < 1.8.4

Dell ≫ Latitude 5501 Version-

Dell ≫ Latitude 7200 2 In 1 Firmware Version < 1.8.0

Dell ≫ Latitude 7200 2 In 1 Version-

Dell ≫ Latitude 7220 Firmware Version < 1.6.0

Dell ≫ Latitude 7220 Version-

Dell ≫ Latitude 7220ex Rugged Extreme Tablet Firmware Version < 1.6.0

Dell ≫ Latitude 7220ex Rugged Extreme Tablet Version-

Dell ≫ Latitude 7300 Firmware Version < 1.7.4

Dell ≫ Latitude 7300 Version-

Dell ≫ Latitude 7400 Firmware Version < 1.7.4

Dell ≫ Latitude 7400 Version-

Dell ≫ Precision 3540 Firmware Version < 1.7.4

Dell ≫ Precision 3540 Version-

Dell ≫ Precision 3541 Firmware Version < 1.8.4

Dell ≫ Precision 3541 Version-

Dell ≫ Precision 7540 Firmware Version < 1.9.0

Dell ≫ Precision 7540 Version-

Dell ≫ Precision 7740 Firmware Version < 1.9.0

Dell ≫ Precision 7740 Version-

Dell ≫ Xps 13 9300 Firmware Version < 1.0.11

Dell ≫ Xps 13 9300 Version-

Dell ≫ Xps 7390 2-in-1 Firmware Version < 1.4.0

Dell ≫ Xps 7390 2-in-1 Version-

Dell ≫ Xps 7590 Firmware Version < 1.7.0

Dell ≫ Xps 7590 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.118

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
security_alert@emc.com	8.6	1.8	6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-158 Improper Neutralization of Null Byte or NUL Character

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

https://www.dell.com/support/article/SLN321604

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5363

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5363

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5363

EUVD