CVE-2020-5324

Name: CVE-2020-5324
Creator: NVD / NIST
Published: 2020-02-21T15:15:12.047+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.4/10EPSS 0.25%

Last modified Jun 17, 2026

CVE-2020-5324 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Metrics

CVSS 3.1

4.4/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

EPSS Probability

0.25%

16.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Dell	G3 3579 Firmware	< 1.11.0
Dell	G3 3779 Firmware	< 1.11.0
Dell	G3 15 3590 Firmware	< 1.9.2
Dell	G5 15 5590 Firmware	< 1.11.1
Dell	G5 5090 Firmware	< 1.1.2
Dell	G5 5587 Firmware	< 1.12.2
Dell	G7 15 7590 Firmware	< 1.11.1
Dell	G7 17 7790 Firmware	< 1.11.1
Dell	G7 7588 Firmware	< 1.12.2
Dell	Inspiron 14 5490 Firmware	< 1.4.0
Dell	Inspiron 3480 Firmware	< 1.7.0
Dell	Inspiron 3481 Firmware	< 1.6.0
Dell	Inspiron 3490 Firmware	< 1.5.0
Dell	Inspiron 3493 Firmware	< 1.4.0
Dell	Inspiron 3580 Firmware	< 1.7.0
Dell	Inspiron 3581 Firmware	< 1.6.0
Dell	Inspiron 3583 Firmware	< 1.7.0
Dell	Inspiron 3584 Firmware	< 1.6.0
Dell	Inspiron 3590 Firmware	< 1.5.0
Dell	Inspiron 3593 Firmware	< 1.4.0
Dell	Inspiron 3780 Firmware	< 1.7.0
Dell	Inspiron 3781 Firmware	< 1.6.0
Dell	Inspiron 3790 Firmware	< 1.5.0
Dell	Inspiron 3793 Firmware	< 1.4.0
Dell	Inspiron 5390 Firmware	< 1.7.1
Dell	Inspiron 5391 Firmware	< 1.3.0
Dell	Inspiron 5480 Firmware	< 2.6.1
Dell	Inspiron 5481 Firmware	< 2.6.1
Dell	Inspiron 5482 Firmware	<= 2.6.1
Dell	Inspiron 5491 Firmware	< 1.4.0
Dell	Inspiron 5493 Firmware	< 1.4.0
Dell	Inspiron 5494 Firmware	< 1.5.0
Dell	Inspiron 5498 Firmware	< 1.4.0
Dell	Inspiron 5580 Firmware	< 2.6.1
Dell	Inspiron 5582 Firmware	< 2.6.1
Dell	Inspiron 5583 Firmware	< 1.9.1
Dell	Inspiron 5584 Firmware	< 1.9.1
Dell	Inspiron 5590 Firmware	< 1.4.0
Dell	Inspiron 5591 Firmware	< 1.4.0
Dell	Inspiron 5593 Firmware	< 1.4.0
Dell	Inspiron 5594 Firmware	< 1.5.0
Dell	Inspiron 5598 Firmware	< 1.4.0
Dell	Inspiron 7380 Firmware	< 1.10.0
Dell	Inspiron 7386 Firmware	< 1.7.0
Dell	Inspiron 7390 Firmware	< 1.7.1
Dell	Inspiron 7391 Firmware	< 1.3.0
Dell	Inspiron 7490 Firmware	< 1.2.1
Dell	Inspiron 7580 Firmware	< 1.10.0
Dell	Inspiron 7586 Firmware	< 1.7.0
Dell	Inspiron 7590 Firmware	< 1.5.1

Showing 50 of 113 affected configurations. See NVD for the full list.

References

https://www.dell.com/support/article/SLN320348Vendor Advisory
https://www.dell.com/support/article/SLN320348Vendor Advisory

Timeline

Published: Feb 21, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-5324?

How severe is CVE-2020-5324?

CVE-2020-5324 has a CVSS score of 4.4/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2020-5324?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-5324?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST