CVSS: 8.2EPSS: 0%CPEs: 61EXPL: 0CVE-2021-21522
https://notcve.org/view.php?id=CVE-2021-21522
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface. Dell BIOS contiene un problema de Administración de Credenciales. Un usuario malicioso autenticado localmente puede explotar potencialmente esta vulnerabilidad para conseguir acceso a información confidencial en un almacenamiento NVMe al restablecer la contraseña del BIOS en el sistema por medio de la interfaz de administración • https://www.dell.com/support/kbdoc/000191495 • CWE-255: Credentials Management Errors •
CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2020-5363
https://notcve.org/view.php?id=CVE-2020-5363
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive. Plataformas Select Dell Client Consumer and Commercial, incluyen un problema que permite cambiar la contraseña de administrador de BIOS por medio de la interfaz de administración de Dell sin conocer la contraseña de administrador de BIOS actual. Potencialmente, esto podría permitir a un actor no autorizado, con acceso físico y/o privilegios de administrador del sistema operativo al dispositivo, obtener acceso privilegiado a la plataforma y al disco duro • https://www.dell.com/support/article/SLN321604 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.1EPSS: 0%CPEs: 708EXPL: 0CVE-2020-5362
https://notcve.org/view.php?id=CVE-2020-5362
Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. Plataformas Dell Client Consumer and Commercial, incluyen una vulnerabilidad de autorización inapropiada en la interfaz de Administración de Dell para la cual un actor no autorizado, con acceso al sistema local con privilegios de administrador del Sistema Operativo, podría omitir la autenticación del Administrador del BIOS para restaurar la configuración de BIOS Setup a los valores predeterminados • https://www.dell.com/support/article/SLN321726 • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 348EXPL: 0CVE-2020-5326
https://notcve.org/view.php?id=CVE-2020-5326
Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. Las plataformas afectadas de Dell Client contienen una vulnerabilidad de omisión de autenticación de la configuración de BIOS Setup en el menú de pre-arranque de Intel Rapid Storage Response Technology (iRST). Un atacante con acceso físico al sistema, podría realizar cambios no autorizados en la configuración del BIOS sin requerir la contraseña de BIOS Admin al seleccionar la opción Optimized Defaults en el pre-arranque de iRST Manager. • https://www.dell.com/support/article/SLN320337 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.1EPSS: 0%CPEs: 226EXPL: 0CVE-2020-5324
https://notcve.org/view.php?id=CVE-2020-5324
Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. Dell Client Consumer and Commercial Platforms, contiene una Vulnerabilidad de Sobrescritura de Archivos Arbitrarios. • https://www.dell.com/support/article/SLN320348 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-427: Uncontrolled Search Path Element •