CVE-2020-5362

high-risk

Published 2020-06-10

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.1/10 High

LOCAL / LOW complexity

Affected Products (20)

Chengming 3967 Firmware

Chengming 3977 Firmware

Chengming 3980 Firmware

Chengming 3988 Firmware

Chengming 3990 Firmware

Chengming 3991 Firmware

G3 15 3500 Firmware

G3 15 3590 Firmware

G3 3579 Firmware

G3 3779 Firmware

G5 15 5500 Firmware

G5 15 5590 Firmware

G5 5587 Firmware

G7 15 7590 Firmware

G7 17 7790 Firmware

G7 7588 Firmware

Embedded Box Pc 5000 Firmware

G5 5090 Firmware

Inspiron 11 2-In-1 3153 Firmware

Inspiron 11 2-In-1 3158 Firmware

Affected Vendors

Dell

References (2)

Vendor Advisory https://www.dell.com/support/article/SLN321726

/ 100

high-risk

Severity 22/34 · High

Exploitability 0/34 · Minimal

Exposure 33/34 · Critical