CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2020-5363
https://notcve.org/view.php?id=CVE-2020-5363
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive. Plataformas Select Dell Client Consumer and Commercial, incluyen un problema que permite cambiar la contraseña de administrador de BIOS por medio de la interfaz de administración de Dell sin conocer la contraseña de administrador de BIOS actual. Potencialmente, esto podría permitir a un actor no autorizado, con acceso físico y/o privilegios de administrador del sistema operativo al dispositivo, obtener acceso privilegiado a la plataforma y al disco duro • https://www.dell.com/support/article/SLN321604 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.1EPSS: 0%CPEs: 708EXPL: 0CVE-2020-5362
https://notcve.org/view.php?id=CVE-2020-5362
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. Plataformas Dell Client Consumer and Commercial, incluyen una vulnerabilidad de autorización inapropiada en la interfaz de Administración de Dell para la cual un actor no autorizado, con acceso al sistema local con privilegios de administrador del Sistema Operativo, podría omitir la autenticación del Administrador del BIOS para restaurar la configuración de BIOS Setup a los valores predeterminados • https://www.dell.com/support/article/SLN321726 • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 482EXPL: 0CVE-2019-3717
https://notcve.org/view.php?id=CVE-2019-3717
Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability. Las plataformas Select Dell Client Commercial and Consumer contienen una vulnerabilidad de Acceso Inapropiado. • https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en •