CVE-2020-5326 — MEDIUM (6.1)

Q: How severe is CVE-2020-5326?

CVE-2020-5326 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5326?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Chengming 3980 Firmware, Dell Chengming 3980, Dell G3 3579 Firmware, Dell G3 3579, Dell G3 3590 Firmware.

Vulnerability Description

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	Chengming 3980 Firmware	< 2.13.0
Dell	Chengming 3980	-
Dell	G3 3579 Firmware	< 1.10.0
Dell	G3 3579	-
Dell	G3 3590 Firmware	< 1.4.3
Dell	G3 3590	-
Dell	G3 3779 Firmware	< 1.10.0
Dell	G3 3779	-
Dell	G5 5587 Firmware	< 1.11.1
Dell	G5 5587	-
Dell	G5 5590 Firmware	< 1.8.0
Dell	G5 5590	-
Dell	G7 7588 Firmware	< 1.11.1
Dell	G7 7588	-
Dell	G7 7590 Firmware	< 1.8.0
Dell	G7 7590	-
Dell	G7 7790 Firmware	< 1.8.0
Dell	G7 7790	-
Dell	Embedded Box Pc 5000 Firmware	< 1.6.0
Dell	Embedded Box Pc 5000	-

Related Weaknesses (CWE)

CWE-306

References

https://www.dell.com/support/article/SLN320337Vendor Advisory
https://www.dell.com/support/article/SLN320337Vendor Advisory

FAQ

What is CVE-2020-5326?

CVE-2020-5326 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with phys...

How severe is CVE-2020-5326?

CVE-2020-5326 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5326?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Chengming 3980 Firmware, Dell Chengming 3980, Dell G3 3579 Firmware, Dell G3 3579, Dell G3 3590 Firmware.