CVE-2020-5324 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2020-5324?

CVE-2020-5324 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5324?

Check the references section above for vendor advisories and patch information. Affected products include: Dell G3 3579 Firmware, Dell G3 3579, Dell G3 3779 Firmware, Dell G3 3779, Dell G3 15 3590 Firmware.

Vulnerability Description

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	G3 3579 Firmware	< 1.11.0
Dell	G3 3579	-
Dell	G3 3779 Firmware	< 1.11.0
Dell	G3 3779	-
Dell	G3 15 3590 Firmware	< 1.9.2
Dell	G3 15 3590	-
Dell	G5 15 5590 Firmware	< 1.11.1
Dell	G5 15 5590	-
Dell	G5 5090 Firmware	< 1.1.2
Dell	G5 5090	-
Dell	G5 5587 Firmware	< 1.12.2
Dell	G5 5587	-
Dell	G7 15 7590 Firmware	< 1.11.1
Dell	G7 15 7590	-
Dell	G7 17 7790 Firmware	< 1.11.1
Dell	G7 17 7790	-
Dell	G7 7588 Firmware	< 1.12.2
Dell	G7 7588	-
Dell	Inspiron 14 5490 Firmware	< 1.4.0
Dell	Inspiron 14 5490	-

Related Weaknesses (CWE)

CWE-59 CWE-427

References

https://www.dell.com/support/article/SLN320348Vendor Advisory
https://www.dell.com/support/article/SLN320348Vendor Advisory

FAQ

What is CVE-2020-5324?

CVE-2020-5324 is a vulnerability with a CVSS score of 7.1 (HIGH). Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being exe...

How severe is CVE-2020-5324?

CVE-2020-5324 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5324?

Check the references section above for vendor advisories and patch information. Affected products include: Dell G3 3579 Firmware, Dell G3 3579, Dell G3 3779 Firmware, Dell G3 3779, Dell G3 15 3590 Firmware.