Page 9 of 42 results (0.001 seconds)

CVSS: 6.1EPSS: 0%CPEs: 348EXPL: 0

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. Las plataformas afectadas de Dell Client contienen una vulnerabilidad de omisión de autenticación de la configuración de BIOS Setup en el menú de pre-arranque de Intel Rapid Storage Response Technology (iRST). Un atacante con acceso físico al sistema, podría realizar cambios no autorizados en la configuración del BIOS sin requerir la contraseña de BIOS Admin al seleccionar la opción Optimized Defaults en el pre-arranque de iRST Manager. • https://www.dell.com/support/article/SLN320337 • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.1EPSS: 0%CPEs: 226EXPL: 0

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. Dell Client Consumer and Commercial Platforms, contiene una Vulnerabilidad de Sobrescritura de Archivos Arbitrarios. • https://www.dell.com/support/article/SLN320348 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-427: Uncontrolled Search Path Element •