CVE-2020-5363

Published: Jun 10, 2020Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Affected (18)

Products: Dell: Latitude 5300 Firmware, Latitude 5300 2 In 1 Firmware, Latitude 5400 Firmware, Latitude 5401 Firmware, Latitude 5500 Firmware, Latitude 5501 Firmware, Latitude 7200 2 In 1 Firmware, Latitude 7220 Firmware, Latitude 7220ex Rugged Extreme Tablet Firmware, Latitude 7300 Firmware, Latitude 7400 Firmware, Precision 3540 Firmware, Precision 3541 Firmware, Precision 7540 Firmware, Precision 7740 Firmware, Xps 13 9300 Firmware, Xps 7390 2 In 1 Firmware, Xps 7590 Firmware

Dell

18 products

Latitude 5300 Firmware

Latitude 5300 2 In 1 Firmware

Latitude 5400 Firmware

Latitude 5401 Firmware

Latitude 5500 Firmware

Latitude 5501 Firmware

Latitude 7200 2 In 1 Firmware

Latitude 7220 Firmware

Latitude 7220ex Rugged Extreme Tablet Firmware

Latitude 7300 Firmware

Latitude 7400 Firmware

Precision 3540 Firmware

Precision 3541 Firmware

Precision 7540 Firmware

Precision 7740 Firmware

Xps 13 9300 Firmware

Xps 7390 2 In 1 Firmware

Xps 7590 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5300 Firmware	Before 1.9.4

Running on/with	Platform Versions
Dell Latitude 5300	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5300 2 In 1 Firmware	Before 1.9.4

Running on/with	Platform Versions
Dell Latitude 5300 2 In 1	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5400 Firmware	Before 1.7.4

Running on/with	Platform Versions
Dell Latitude 5400	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5401 Firmware	Before 1.8.4

Running on/with	Platform Versions
Dell Latitude 5401	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5500 Firmware	Before 1.7.4

Running on/with	Platform Versions
Dell Latitude 5500	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5501 Firmware	Before 1.8.4

Running on/with	Platform Versions
Dell Latitude 5501	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7200 2 In 1 Firmware	Before 1.8.0

Running on/with	Platform Versions
Dell Latitude 7200 2 In 1	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7220 Firmware	Before 1.6.0

Running on/with	Platform Versions
Dell Latitude 7220	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7220ex Rugged Extreme Tablet Firmware	Before 1.6.0

Running on/with	Platform Versions
Dell Latitude 7220ex Rugged Extreme Tablet	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7300 Firmware	Before 1.7.4

Running on/with	Platform Versions
Dell Latitude 7300	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7400 Firmware	Before 1.7.4

Running on/with	Platform Versions
Dell Latitude 7400	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Precision 3540 Firmware	Before 1.7.4

Running on/with	Platform Versions
Dell Precision 3540	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Precision 3541 Firmware	Before 1.8.4

Running on/with	Platform Versions
Dell Precision 3541	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Precision 7540 Firmware	Before 1.9.0

Running on/with	Platform Versions
Dell Precision 7540	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Precision 7740 Firmware	Before 1.9.0

Running on/with	Platform Versions
Dell Precision 7740	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Xps 13 9300 Firmware	Before 1.0.11

Running on/with	Platform Versions
Dell Xps 13 9300	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Xps 7390 2 In 1 Firmware	Before 1.4.0

Running on/with	Platform Versions
Dell Xps 7390 2 In 1	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Xps 7590 Firmware	Before 1.7.0

Running on/with	Platform Versions
Dell Xps 7590	All versions

Related CWEs

CWE-158

Improper Neutralization of Null Byte or NUL Character

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

References (2)

https://www.dell.com/support/article/SLN321604

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/article/SLN321604

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.