CVE-2020-5326

MEDIUM

Dell Client Platforms - BIOS Setup Authentication Bypass via iRST Manager Optimized Defaults

Title source: llm

Description

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/article/SLN320337

Scores

CVSS v3 6.1

EPSS 0.0006

EPSS Percentile 17.2%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H

Details

CWE

CWE-306

Status published

Products (50)

dell/chengming_3980_firmware < 2.13.0

dell/embedded_box_pc_5000_firmware < 1.6.0

dell/g3_3579_firmware < 1.10.0

dell/g3_3590_firmware < 1.4.3

dell/g3_3779_firmware < 1.10.0

dell/g5_5587_firmware < 1.11.1

dell/g5_5590_firmware < 1.8.0

dell/g7_7588_firmware < 1.11.1

dell/g7_7590_firmware < 1.8.0

dell/g7_7790_firmware < 1.8.0

... and 40 more

Published Feb 21, 2020

Tracked Since Feb 18, 2026