CVE-2020-5363

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Plataformas Select Dell Client Consumer and Commercial, incluyen un problema que permite cambiar la contraseña de administrador de BIOS por medio de la interfaz de administración de Dell sin conocer la contraseña de administrador de BIOS actual. Potencialmente, esto podría permitir a un actor no autorizado, con acceso físico y/o privilegios de administrador del sistema operativo al dispositivo, obtener acceso privilegiado a la plataforma y al disco duro

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-03 CVE Reserved
2020-06-10 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-158: Improper Neutralization of Null Byte or NUL Character

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.dell.com/support/article/SLN321604	2020-06-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dell Search vendor "Dell"	Latitude 5300 Firmware Search vendor "Dell" for product "Latitude 5300 Firmware"	< 1.9.4 Search vendor "Dell" for product "Latitude 5300 Firmware" and version " < 1.9.4"	-	Affected	in	Dell Search vendor "Dell"	Latitude 5300 Search vendor "Dell" for product "Latitude 5300"	-	-	Safe
Dell Search vendor "Dell"	Latitude 5300 2-in-1 Firmware Search vendor "Dell" for product "Latitude 5300 2-in-1 Firmware"	< 1.9.4 Search vendor "Dell" for product "Latitude 5300 2-in-1 Firmware" and version " < 1.9.4"	-	Affected	in	Dell Search vendor "Dell"	Latitude 5300 2-in-1 Search vendor "Dell" for product "Latitude 5300 2-in-1"	-	-	Safe
Dell Search vendor "Dell"	Latitude 5400 Firmware Search vendor "Dell" for product "Latitude 5400 Firmware"	< 1.7.4 Search vendor "Dell" for product "Latitude 5400 Firmware" and version " < 1.7.4"	-	Affected	in	Dell Search vendor "Dell"	Latitude 5400 Search vendor "Dell" for product "Latitude 5400"	-	-	Safe
Dell Search vendor "Dell"	Latitude 5401 Firmware Search vendor "Dell" for product "Latitude 5401 Firmware"	< 1.8.4 Search vendor "Dell" for product "Latitude 5401 Firmware" and version " < 1.8.4"	-	Affected	in	Dell Search vendor "Dell"	Latitude 5401 Search vendor "Dell" for product "Latitude 5401"	-	-	Safe
Dell Search vendor "Dell"	Latitude 5500 Firmware Search vendor "Dell" for product "Latitude 5500 Firmware"	< 1.7.4 Search vendor "Dell" for product "Latitude 5500 Firmware" and version " < 1.7.4"	-	Affected	in	Dell Search vendor "Dell"	Latitude 5500 Search vendor "Dell" for product "Latitude 5500"	-	-	Safe
Dell Search vendor "Dell"	Latitude 5501 Firmware Search vendor "Dell" for product "Latitude 5501 Firmware"	< 1.8.4 Search vendor "Dell" for product "Latitude 5501 Firmware" and version " < 1.8.4"	-	Affected	in	Dell Search vendor "Dell"	Latitude 5501 Search vendor "Dell" for product "Latitude 5501"	-	-	Safe
Dell Search vendor "Dell"	Latitude 7200 2 In 1 Firmware Search vendor "Dell" for product "Latitude 7200 2 In 1 Firmware"	< 1.8.0 Search vendor "Dell" for product "Latitude 7200 2 In 1 Firmware" and version " < 1.8.0"	-	Affected	in	Dell Search vendor "Dell"	Latitude 7200 2 In 1 Search vendor "Dell" for product "Latitude 7200 2 In 1"	-	-	Safe
Dell Search vendor "Dell"	Latitude 7220 Firmware Search vendor "Dell" for product "Latitude 7220 Firmware"	< 1.6.0 Search vendor "Dell" for product "Latitude 7220 Firmware" and version " < 1.6.0"	-	Affected	in	Dell Search vendor "Dell"	Latitude 7220 Search vendor "Dell" for product "Latitude 7220"	-	-	Safe
Dell Search vendor "Dell"	Latitude 7220ex Rugged Extreme Tablet Firmware Search vendor "Dell" for product "Latitude 7220ex Rugged Extreme Tablet Firmware"	< 1.6.0 Search vendor "Dell" for product "Latitude 7220ex Rugged Extreme Tablet Firmware" and version " < 1.6.0"	-	Affected	in	Dell Search vendor "Dell"	Latitude 7220ex Rugged Extreme Tablet Search vendor "Dell" for product "Latitude 7220ex Rugged Extreme Tablet"	-	-	Safe
Dell Search vendor "Dell"	Latitude 7300 Firmware Search vendor "Dell" for product "Latitude 7300 Firmware"	< 1.7.4 Search vendor "Dell" for product "Latitude 7300 Firmware" and version " < 1.7.4"	-	Affected	in	Dell Search vendor "Dell"	Latitude 7300 Search vendor "Dell" for product "Latitude 7300"	-	-	Safe
Dell Search vendor "Dell"	Latitude 7400 Firmware Search vendor "Dell" for product "Latitude 7400 Firmware"	< 1.7.4 Search vendor "Dell" for product "Latitude 7400 Firmware" and version " < 1.7.4"	-	Affected	in	Dell Search vendor "Dell"	Latitude 7400 Search vendor "Dell" for product "Latitude 7400"	-	-	Safe
Dell Search vendor "Dell"	Precision 3540 Firmware Search vendor "Dell" for product "Precision 3540 Firmware"	< 1.7.4 Search vendor "Dell" for product "Precision 3540 Firmware" and version " < 1.7.4"	-	Affected	in	Dell Search vendor "Dell"	Precision 3540 Search vendor "Dell" for product "Precision 3540"	-	-	Safe
Dell Search vendor "Dell"	Precision 3541 Firmware Search vendor "Dell" for product "Precision 3541 Firmware"	< 1.8.4 Search vendor "Dell" for product "Precision 3541 Firmware" and version " < 1.8.4"	-	Affected	in	Dell Search vendor "Dell"	Precision 3541 Search vendor "Dell" for product "Precision 3541"	-	-	Safe
Dell Search vendor "Dell"	Precision 7540 Firmware Search vendor "Dell" for product "Precision 7540 Firmware"	< 1.9.0 Search vendor "Dell" for product "Precision 7540 Firmware" and version " < 1.9.0"	-	Affected	in	Dell Search vendor "Dell"	Precision 7540 Search vendor "Dell" for product "Precision 7540"	-	-	Safe
Dell Search vendor "Dell"	Precision 7740 Firmware Search vendor "Dell" for product "Precision 7740 Firmware"	< 1.9.0 Search vendor "Dell" for product "Precision 7740 Firmware" and version " < 1.9.0"	-	Affected	in	Dell Search vendor "Dell"	Precision 7740 Search vendor "Dell" for product "Precision 7740"	-	-	Safe
Dell Search vendor "Dell"	Xps 13 9300 Firmware Search vendor "Dell" for product "Xps 13 9300 Firmware"	< 1.0.11 Search vendor "Dell" for product "Xps 13 9300 Firmware" and version " < 1.0.11"	-	Affected	in	Dell Search vendor "Dell"	Xps 13 9300 Search vendor "Dell" for product "Xps 13 9300"	-	-	Safe
Dell Search vendor "Dell"	Xps 7390 2-in-1 Firmware Search vendor "Dell" for product "Xps 7390 2-in-1 Firmware"	< 1.4.0 Search vendor "Dell" for product "Xps 7390 2-in-1 Firmware" and version " < 1.4.0"	-	Affected	in	Dell Search vendor "Dell"	Xps 7390 2-in-1 Search vendor "Dell" for product "Xps 7390 2-in-1"	-	-	Safe
Dell Search vendor "Dell"	Xps 7590 Firmware Search vendor "Dell" for product "Xps 7590 Firmware"	< 1.7.0 Search vendor "Dell" for product "Xps 7590 Firmware" and version " < 1.7.0"	-	Affected	in	Dell Search vendor "Dell"	Xps 7590 Search vendor "Dell" for product "Xps 7590"	-	-	Safe