CVE-2020-5326

high-risk

Published 2020-02-21

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

PHYSICAL / LOW complexity

Affected Products (20)

Chengming 3980 Firmware

G3 3579 Firmware

G3 3590 Firmware

G3 3779 Firmware

G5 5587 Firmware

G5 5590 Firmware

G7 7588 Firmware

G7 7590 Firmware

G7 7790 Firmware

Embedded Box Pc 5000 Firmware

Inspiron 14 Gaming 7466 Firmware

Inspiron 14 Gaming 7467 Firmware

Inspiron 15 7572 Firmware

Inspiron 15 Gaming 7566 Firmware

Inspiron 15 Gaming 7567 Firmware

Inspiron 15 Gaming 7577 Firmware

Inspiron 3470 Firmware

Inspiron 3480 Firmware

Inspiron 3481 Firmware

Inspiron 3580 Firmware

Affected Vendors

Dell

References (2)

Vendor Advisory https://www.dell.com/support/article/SLN320337

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 33/34 · Critical