CVE-2020-5363

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:latitude_5300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:latitude_5300_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5300_2-in-1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:latitude_5401_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5401:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:latitude_5501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5501:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:latitude_7200_2_in_1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7200_2_in_1:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:latitude_7220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7220:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:latitude_7220ex_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7220ex_rugged_extreme_tablet:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:latitude_7300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7300:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:latitude_7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7400:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:precision_3540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3540:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:precision_3541_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3541:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:precision_7540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_7540:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:precision_7740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_7740:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dell:xps_13_9300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_13_9300:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dell:xps_7390_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_7390_2-in-1:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dell:xps_7590_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_7590:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:34

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : 6.7
v2 : 7.2
v3 : 8.6
References () https://www.dell.com/support/article/SLN321604 - Vendor Advisory () https://www.dell.com/support/article/SLN321604 - Vendor Advisory

Information

Published : 2020-06-10 21:15

Updated : 2024-11-21 05:34


NVD link : CVE-2020-5363

Mitre link : CVE-2020-5363

CVE.ORG link : CVE-2020-5363


JSON object : View

Products Affected

dell

  • xps_13_9300_firmware
  • latitude_5401_firmware
  • xps_7590
  • precision_7740_firmware
  • precision_3541
  • latitude_5501
  • latitude_7200_2_in_1
  • precision_3540
  • xps_7390_2-in-1
  • latitude_5300_2-in-1_firmware
  • xps_7590_firmware
  • latitude_7220_firmware
  • latitude_7200_2_in_1_firmware
  • latitude_7300
  • xps_13_9300
  • latitude_5400
  • latitude_5501_firmware
  • latitude_7400
  • precision_7540_firmware
  • xps_7390_2-in-1_firmware
  • latitude_7400_firmware
  • latitude_5300_firmware
  • latitude_5300
  • latitude_5300_2-in-1
  • latitude_5500
  • latitude_7220
  • precision_7740
  • precision_3540_firmware
  • latitude_5500_firmware
  • precision_3541_firmware
  • latitude_5401
  • latitude_7220ex_rugged_extreme_tablet_firmware
  • latitude_7220ex_rugged_extreme_tablet
  • precision_7540
  • latitude_7300_firmware
  • latitude_5400_firmware
CWE
CWE-158

Improper Neutralization of Null Byte or NUL Character

NVD-CWE-Other