CVE-2020-5326
CVE-2020-5326 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Chengming 3980 Firmware | < 2.13.0 |
| Dell | G3 3579 Firmware | < 1.10.0 |
| Dell | G3 3590 Firmware | < 1.4.3 |
| Dell | G3 3779 Firmware | < 1.10.0 |
| Dell | G5 5587 Firmware | < 1.11.1 |
| Dell | G5 5590 Firmware | < 1.8.0 |
| Dell | G7 7588 Firmware | < 1.11.1 |
| Dell | G7 7590 Firmware | < 1.8.0 |
| Dell | G7 7790 Firmware | < 1.8.0 |
| Dell | Embedded Box Pc 5000 Firmware | < 1.6.0 |
| Dell | Inspiron 14 Gaming 7466 Firmware | < 1.5.0 |
| Dell | Inspiron 14 Gaming 7467 Firmware | < 1.10.0 |
| Dell | Inspiron 15 7572 Firmware | < 1.2.1 |
| Dell | Inspiron 15 Gaming 7566 Firmware | < 1.5.0 |
| Dell | Inspiron 15 Gaming 7567 Firmware | < 1.10.0 |
| Dell | Inspiron 15 Gaming 7577 Firmware | < 1.8.0 |
| Dell | Inspiron 3470 Firmware | < 2.13.0 |
| Dell | Inspiron 3480 Firmware | < 1.5.1 |
| Dell | Inspiron 3481 Firmware | < 1.4.0 |
| Dell | Inspiron 3580 Firmware | < 1.5.1 |
| Dell | Inspiron 3581 Firmware | < 1.4.0 |
| Dell | Inspiron 3583 Firmware | < 1.5.1 |
| Dell | Inspiron 3584 Firmware | < 1.4.0 |
| Dell | Inspiron 3670 Firmware | < 2.13.0 |
| Dell | Inspiron 3780 Firmware | < 1.5.1 |
| Dell | Inspiron 3781 Firmware | < 1.4.0 |
| Dell | Inspiron 5370 Firmware | < 1.12.0 |
| Dell | Inspiron 5480 Firmware | < 2.4.0 |
| Dell | Inspiron 5481 Firmware | < 2.4.0 |
| Dell | Inspiron 5482 Firmware | < 2.4.0 |
| Dell | Inspiron 5488 Firmware | < 2.4.0 |
| Dell | Inspiron 5570 Firmware | < 1.2.3 |
| Dell | Inspiron 5580 Firmware | < 2.4.0 |
| Dell | Inspiron 5582 Firmware | < 2.4.0 |
| Dell | Inspiron 5770 Firmware | < 1.2.3 |
| Dell | Inspiron 7380 Firmware | < 1.8.0 |
| Dell | Inspiron 7386 Firmware | < 1.5.0 |
| Dell | Inspiron 7472 Firmware | < 1.2.1 |
| Dell | Inspiron 7580 Firmware | < 1.8.0 |
| Dell | Inspiron 7586 Firmware | < 1.5.0 |
| Dell | Inspiron 7590 Firmware | < 1.1.1 |
| Dell | Inspiron 7591 Firmware | < 1.1.1 |
| Dell | Inspiron 7786 Firmware | < 1.5.0 |
| Dell | Latitude 3300 Firmware | < 1.4.0 |
| Dell | Latitude 3460 Firmware | < a17 |
| Dell | Latitude 3480 Firmware | < 1.12.0 |
| Dell | Latitude 3490 Firmware | < 1.9.9 |
| Dell | Latitude 3580 Firmware | < 1.12.0 |
| Dell | Latitude 3590 Firmware | < 1.9.9 |
| Dell | Latitude 5175 Firmware | < 1.7.1 |
Showing 50 of 174 affected configurations. See NVD for the full list.
References
- https://www.dell.com/support/article/SLN320337 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
