CVE-2020-5362

Severity: MEDIUM | CVSS 4.4/10 | EPSS 0.29%

CVE-2020-5362 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Metrics

CVSS 3.1
4.4/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
0.29%

20.7th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Dell | Chengming 3967 Firmware | < 1.9.0
Dell | Chengming 3977 Firmware | < 1.9.0
Dell | Chengming 3980 Firmware | < 2.16.0
Dell | Chengming 3988 Firmware | < 1.3.0
Dell | Chengming 3990 Firmware | < 1.1.3
Dell | Chengming 3991 Firmware | < 1.1.3
Dell | G3 15 3500 Firmware | < 1.2.1
Dell | G3 15 3590 Firmware | < 1.11.0
Dell | G3 3579 Firmware | < 1.13.0
Dell | G3 3779 Firmware | < 1.13.0
Dell | G5 15 5500 Firmware | < 1.2.1
Dell | G5 15 5590 Firmware | < 1.13.2
Dell | G5 5587 Firmware | < 1.14.0
Dell | G7 15 7590 Firmware | < 1.13.2
Dell | G7 17 7790 Firmware | < 1.13.2
Dell | G7 7588 Firmware | < 1.14.0
Dell | Embedded Box Pc 5000 Firmware | < 1.8.0
Dell | G5 5090 Firmware | < 1.3.0
Dell | Inspiron 11 2-In-1 3153 Firmware | < 1.25.0
Dell | Inspiron 11 2-In-1 3158 Firmware | < 1.25.0
Dell | Inspiron 13 7370 Firmware | < 1.17.0
Dell | Inspiron 13 2-In-1 5368 Firmware | < 1.22.0
Dell | Inspiron 13 2-In-1 5378 Firmware | < 1.30.0
Dell | Inspiron 13 2-In-1 5379 Firmware | < 1.14.0
Dell | Inspiron 13 2-In-1 7353 Firmware | < 1.25.0
Dell | Inspiron 13 2-In-1 7359 Firmware | < 1.25.0
Dell | Inspiron 13 2-In-1 7368 Firmware | < 1.22.0
Dell | Inspiron 13 2-In-1 7373 Firmware | < 1.17.0
Dell | Inspiron 13 2-In-1 7378 Firmware | < 1.30.0
Dell | Inspiron 14 3458 Firmware | < a21
Dell | Inspiron 14 3459 Firmware | < 1.12.0
Dell | Inspiron 14 3467 Firmware | < 2.12.0
Dell | Inspiron 14 3468 Firmware | < 1.15.0
Dell | Inspiron 14 3473 Firmware | < 1.9.0
Dell | Inspiron 14 5468 Firmware | < 1.12.1
Dell | Inspiron 14 5490 Firmware | < 1.10.0
Dell | Inspiron 14 7460 Firmware | < 1.13.2
Dell | Inspiron 14 Gaming 7466 Firmware | < 1.7.0
Dell | Inspiron 14 Gaming 7467 Firmware | < 1.12.1
Dell | Inspiron 15 3559 Firmware | < 1.12.0
Dell | Inspiron 15 3567 Firmware | < 2.12.0
Dell | Inspiron 15 3568 Firmware | < 1.15.0
Dell | Inspiron 15 5566 Firmware | < 1.12.1
Dell | Inspiron 15 5567 Firmware | < 1.2.11
Dell | Inspiron 15 7560 Firmware | < 1.13.2
Dell | Inspiron 15 7570 Firmware | < 1.17.0
Dell | Inspiron 15 7572 Firmware | < 1.5.2
Dell | Inspiron 15 2-In-1 5568 Firmware | < 1.22.0
Dell | Inspiron 15 2-In-1 5578 Firmware | < 1.30.0
Dell | Inspiron 15 2-In-1 5579 Firmware | < 1.14.0

Showing 50 of 354 affected configurations. See NVD for the full list.


Source: NVD / NIST