CVE-2020-5363

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2020-5363
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

6.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.dell.com/support/article/SLN321604 Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:latitude_5300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:latitude_5300_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5300_2-in-1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:latitude_5401_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5401:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:latitude_5501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5501:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:latitude_7200_2_in_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7200_2_in_1:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:latitude_7220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7220:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:latitude_7220ex_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7220ex_rugged_extreme_tablet:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:latitude_7300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:latitude_7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7400:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:precision_3540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3540:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:precision_3541_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3541:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:precision_7540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_7540:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:precision_7740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_7740:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dell:xps_13_9300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_13_9300:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dell:xps_7390_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_7390_2-in-1:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dell:xps_7590_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_7590:-:*:*:*:*:*:*:*
Information

Published : 2020-06-10 14:15

Updated : 2020-06-23 09:16

NVD link : CVE-2020-5363

Mitre link : CVE-2020-5363

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

dell

  • precision_3541_firmware
  • latitude_5300_2-in-1
  • xps_7590_firmware
  • latitude_5400_firmware
  • latitude_7220ex_rugged_extreme_tablet_firmware
  • xps_7590
  • latitude_7400
  • latitude_5500_firmware
  • latitude_5500
  • xps_7390_2-in-1
  • latitude_7220ex_rugged_extreme_tablet
  • xps_13_9300_firmware
  • precision_3540_firmware
  • xps_13_9300
  • latitude_5401_firmware
  • latitude_7200_2_in_1
  • xps_7390_2-in-1_firmware
  • latitude_5300
  • latitude_7220_firmware
  • latitude_5400
  • latitude_5300_2-in-1_firmware
  • latitude_5501_firmware
  • precision_3540
  • latitude_7220
  • precision_7740_firmware
  • precision_3541
  • latitude_5501
  • precision_7540
  • latitude_7300_firmware
  • latitude_7300
  • precision_7540_firmware
  • latitude_7400_firmware
  • precision_7740
  • latitude_5401
  • latitude_7200_2_in_1_firmware
  • latitude_5300_firmware