HIGH · 8.6

CVE-2020-5363

Vulnerability Description

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Dell | Latitude 5300 Firmware | < 1.9.4 |
| Dell | Latitude 5300 | - |
| Dell | Latitude 5300 2-In-1 Firmware | < 1.9.4 |
| Dell | Latitude 5300 2-In-1 | - |
| Dell | Latitude 5400 Firmware | < 1.7.4 |
| Dell | Latitude 5400 | - |
| Dell | Latitude 5401 Firmware | < 1.8.4 |
| Dell | Latitude 5401 | - |
| Dell | Latitude 5500 Firmware | < 1.7.4 |
| Dell | Latitude 5500 | - |
| Dell | Latitude 5501 Firmware | < 1.8.4 |
| Dell | Latitude 5501 | - |
| Dell | Latitude 7200 2 In 1 Firmware | < 1.8.0 |
| Dell | Latitude 7200 2 In 1 | - |
| Dell | Latitude 7220 Firmware | < 1.6.0 |
| Dell | Latitude 7220 | - |
| Dell | Latitude 7220Ex Rugged Extreme Tablet Firmware | < 1.6.0 |
| Dell | Latitude 7220Ex Rugged Extreme Tablet | - |
| Dell | Latitude 7300 Firmware | < 1.7.4 |
| Dell | Latitude 7300 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-5363?

CVE-2020-5363 is a vulnerability with a CVSS score of 8.6 (HIGH). Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Adm...

How severe is CVE-2020-5363?

CVE-2020-5363 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-5363?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Latitude 5300 Firmware, Dell Latitude 5300, Dell Latitude 5300 2-In-1 Firmware, Dell Latitude 5300 2-In-1, Dell Latitude 5400 Firmware.