Vulnerabilities > CVE-2020-5348 - Use After Free vulnerability in Dell Latitude 7202 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

dell

CWE-416

NVD

Published: 2020-04-04

Updated: 2020-04-06

Summary

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Latitude 7202 Firmware - Dell Latitude 7202 Firmware A03 Dell Latitude 7202 Firmware A05 Dell Latitude 7202 Firmware A06 Dell Latitude 7202 Firmware A12 Dell Latitude 7202 Firmware A13 Dell Latitude 7202 Firmware A15 Dell Latitude 7202 Firmware A16 Dell Latitude 7202 Firmware A19 Dell Latitude 7202 Firmware A22 Dell Latitude 7202 Firmware A23 Dell Latitude 7202 Firmware A24 Dell Latitude 7202 Firmware A27	13
Hardware	Dell Dell Latitude 7202 -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.dell.com/support/article/SLN320792