CVE-2020-5362

HIGH

Dell Client Platforms - Unauthenticated BIOS Setup Configuration Reset via Manageability Interface


Description

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

References (1)

Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/SLN321726

Scores

CVSS v3: 7.1
EPSS: 0.0005
EPSS Percentile: 16.1%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

Details

CWE: CWE-862, CWE-285
Status: published
Products (50)
dell/chengming_3967_firmware < 1.9.0
dell/chengming_3977_firmware < 1.9.0
dell/chengming_3980_firmware < 2.16.0
dell/chengming_3988_firmware < 1.3.0
dell/chengming_3990_firmware < 1.1.3
dell/chengming_3991_firmware < 1.1.3
dell/embedded_box_pc_5000_firmware < 1.8.0
dell/g3_15_3500_firmware < 1.2.1
dell/g3_15_3590_firmware < 1.11.0
dell/g3_3579_firmware < 1.13.0
... and 40 more
Published: Jun 10, 2020
Tracked Since: Feb 18, 2026