
CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.
• https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability
• CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking victim users into clicking on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
• https://www.dell.com/support/kbdoc/en-us/000180983/dsa-2020-282
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code is executed by the web browser in the context of the vulnerable application.
• https://www.dell.com/support/kbdoc/en-us/000180983/dsa-2020-282
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code is executed by the web browser in the context of the vulnerable application.
• https://www.dell.com/support/kbdoc/en-us/000180983/dsa-2020-282
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station.
• https://www.dell.com/support/kbdoc/en-us/000180768/dsa-2020-281
• CWE-276: Incorrect Default Permissions