Vulnerability Description
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
CVSS Score
7.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Dock WD15 Firmware | < 1.0.8 |
| Dell | Dock WD15 | - |
| Dell | Dock WD19 Firmware | < 1.0.14 |
| Dell | Dock WD19 | - |
| Dell | Thunderbolt Dock TB16 Firmware | < 1.0.4 |
| Dell | Thunderbolt Dock TB16 | - |
| Dell | Precision Dual USB-C Thunderbolt Dock - TB18DC Firmware | < 1.0.10 |
| Dell | Precision Dual USB-C Thunderbolt Dock - TB18DC | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/article/SLN321564 (Vendor Advisory)
FAQ
What is CVE-2020-5357?
CVE-2020-5357 is a vulnerability with a CVSS score of 7.1 (HIGH). Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware U...
How severe is CVE-2020-5357?
CVE-2020-5357 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-5357?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Dock WD15 Firmware, Dell Dock WD15, Dell Dock WD19 Firmware, Dell Dock WD19, Dell Thunderbolt Dock TB16 Firmware.