CVE-2020-5363
moderate-risk
Published 2020-06-10
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
Do I need to act?
EPSS: 0.05% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 8.6/10 (High); attack vector LOCAL, attack complexity LOW
Affected Products (18)
Latitude 7200 2 In 1 Firmware
Latitude 7220 Firmware
Latitude 7220Ex Rugged Extreme Tablet Firmware
Xps 7390 2-In-1 Firmware
Xps 7590 Firmware
Affected Vendors
Dell
References (2)
Vendor Advisory
https://www.dell.com/support/article/SLN321604
Risk score: 45/100 (moderate-risk)
Severity: 26/34 · High
Exploitability: 0/34 · Minimal
Exposure: 19/34 · Moderate