CVE-2020-5376

EPSS 0.05%
Published 02.09.2020 21:15:12
Last modified 21.11.2024 05:34:01
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Inspiron 7347 Bios Version < a13

Dell ≫ Inspiron 7347 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.11

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
security_alert@emc.com	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.dell.com/support/article/SLN322616

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5376

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5376

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5376

EUVD