CVE-2020-5363

 

Severity Score: 6.7 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

*Credits: N/A
CVSS Scores

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-01-03 CVE Reserved
  • 2020-06-10 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-158: Improper Neutralization of Null Byte or NUL Character
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
Dell | Latitude 5300 Firmware | < 1.9.4 | - | Affected
in Dell | Latitude 5300 | - | - | Safe
Dell | Latitude 5300 2-in-1 Firmware | < 1.9.4 | - | Affected
in Dell | Latitude 5300 2-in-1 | - | - | Safe
Dell | Latitude 5400 Firmware | < 1.7.4 | - | Affected
in Dell | Latitude 5400 | - | - | Safe
Dell | Latitude 5401 Firmware | < 1.8.4 | - | Affected
in Dell | Latitude 5401 | - | - | Safe
Dell | Latitude 5500 Firmware | < 1.7.4 | - | Affected
in Dell | Latitude 5500 | - | - | Safe
Dell | Latitude 5501 Firmware | < 1.8.4 | - | Affected
in Dell | Latitude 5501 | - | - | Safe
Dell | Latitude 7200 2 In 1 Firmware | < 1.8.0 | - | Affected
in Dell | Latitude 7200 2 In 1 | - | - | Safe
Dell | Latitude 7220 Firmware | < 1.6.0 | - | Affected
in Dell | Latitude 7220 | - | - | Safe
Dell | Latitude 7220ex Rugged Extreme Tablet Firmware | < 1.6.0 | - | Affected
in Dell | Latitude 7220ex Rugged Extreme Tablet | - | - | Safe
Dell | Latitude 7300 Firmware | < 1.7.4 | - | Affected
in Dell | Latitude 7300 | - | - | Safe
Dell | Latitude 7400 Firmware | < 1.7.4 | - | Affected
in Dell | Latitude 7400 | - | - | Safe
Dell | Precision 3540 Firmware | < 1.7.4 | - | Affected
in Dell | Precision 3540 | - | - | Safe
Dell | Precision 3541 Firmware | < 1.8.4 | - | Affected
in Dell | Precision 3541 | - | - | Safe
Dell | Precision 7540 Firmware | < 1.9.0 | - | Affected
in Dell | Precision 7540 | - | - | Safe
Dell | Precision 7740 Firmware | < 1.9.0 | - | Affected
in Dell | Precision 7740 | - | - | Safe
Dell | Xps 13 9300 Firmware | < 1.0.11 | - | Affected
in Dell | Xps 13 9300 | - | - | Safe
Dell | Xps 7390 2-in-1 Firmware | < 1.4.0 | - | Affected
in Dell | Xps 7390 2-in-1 | - | - | Safe
Dell | Xps 7590 Firmware | < 1.7.0 | - | Affected
in Dell | Xps 7590 | - | - | Safe