Vulnerability Description
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Chengming 3967 Firmware | < 1.9.0 |
| Dell | Chengming 3967 | - |
| Dell | Chengming 3977 Firmware | < 1.9.0 |
| Dell | Chengming 3977 | - |
| Dell | Chengming 3980 Firmware | < 2.16.0 |
| Dell | Chengming 3980 | - |
| Dell | Chengming 3988 Firmware | < 1.3.0 |
| Dell | Chengming 3988 | - |
| Dell | Chengming 3990 Firmware | < 1.1.3 |
| Dell | Chengming 3990 | - |
| Dell | Chengming 3991 Firmware | < 1.1.3 |
| Dell | Chengming 3991 | - |
| Dell | G3 15 3500 Firmware | < 1.2.1 |
| Dell | G3 15 3500 | - |
| Dell | G3 15 3590 Firmware | < 1.11.0 |
| Dell | G3 15 3590 | - |
| Dell | G3 3579 Firmware | < 1.13.0 |
| Dell | G3 3579 | - |
| Dell | G3 3779 Firmware | < 1.13.0 |
| Dell | G3 3779 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/article/SLN321726 (Vendor Advisory)
FAQ
What is CVE-2020-5362?
CVE-2020-5362 is a vulnerability with a CVSS score of 7.1 (HIGH). Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS admi...
How severe is CVE-2020-5362?
CVE-2020-5362 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-5362?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Chengming 3967 Firmware, Dell Chengming 3967, Dell Chengming 3977 Firmware, Dell Chengming 3977, Dell Chengming 3980 Firmware.