CVE-2020-5378
https://notcve.org/view.php?id=CVE-2020-5378
Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). El BIOS de Dell G7 17 7790 versiones anteriores a 1.13.2 contienen una vulnerabilidad de sobrescritura de UEFI BIOS Boot Services. Un atacante local con acceso a la memoria del sistema puede aprovechar esta vulnerabilidad al sobrescribir la estructura de EFI_BOOT_SERVICES para ejecutar código arbitrario en System Management Mode (SMM) • https://www.dell.com/support/article/SLN322616 • CWE-416: Use After Free •
CVE-2020-5362
https://notcve.org/view.php?id=CVE-2020-5362
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. Plataformas Dell Client Consumer and Commercial, incluyen una vulnerabilidad de autorización inapropiada en la interfaz de Administración de Dell para la cual un actor no autorizado, con acceso al sistema local con privilegios de administrador del Sistema Operativo, podría omitir la autenticación del Administrador del BIOS para restaurar la configuración de BIOS Setup a los valores predeterminados • https://www.dell.com/support/article/SLN321726 • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVE-2020-5324
https://notcve.org/view.php?id=CVE-2020-5324
Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. Dell Client Consumer and Commercial Platforms, contiene una Vulnerabilidad de Sobrescritura de Archivos Arbitrarios. • https://www.dell.com/support/article/SLN320348 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-427: Uncontrolled Search Path Element •