Vulnerabilities > CVE-2020-5363 - Unspecified vulnerability in Dell products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

dell

NVD

Published: 2020-06-10

Updated: 2020-06-23

Summary

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Latitude 5300 Firmware - Dell Latitude 5300 Firmware 1.3.1 Dell Latitude 5300 Firmware 1.7.2 Dell Latitude 5300 2 IN 1 Firmware - Dell Latitude 5400 Firmware - Dell Latitude 5400 Firmware 1.3.11 Dell Latitude 5400 Firmware 1.6.3 Dell Latitude 5401 Firmware - Dell Latitude 5401 Firmware 1.3.11 Dell Latitude 5401 Firmware 1.6.1 Dell Latitude 5500 Firmware - Dell Latitude 5500 Firmware 1.3.11 Dell Latitude 5500 Firmware 1.6.3 Dell Latitude 5501 Firmware - Dell Latitude 5501 Firmware 1.2.11 Dell Latitude 5501 Firmware 1.6.1 Dell Latitude 7200 2 IN 1 Firmware * Dell Latitude 7220 Firmware 1.3.1 Dell Latitude 7220Ex Rugged Extreme Tablet Firmware * Dell Latitude 7300 Firmware - Dell Latitude 7300 Firmware 1.3.11 Dell Latitude 7300 Firmware 1.6.1 Dell Latitude 7400 Firmware - Dell Latitude 7400 Firmware 1.3.11 Dell Latitude 7400 Firmware 1.6.1 Dell Precision 3540 Firmware - Dell Precision 3540 Firmware 1.3.11 Dell Precision 3540 Firmware 1.6.3 Dell Precision 3541 Firmware - Dell Precision 3541 Firmware 1.2.11 Dell Precision 3541 Firmware 1.6.1 Dell Precision 7540 Firmware - Dell Precision 7540 Firmware 1.1.3 Dell Precision 7540 Firmware 1.5.1 Dell Precision 7740 Firmware - Dell Precision 7740 Firmware 1.1.3 Dell Precision 7740 Firmware 1.5.1 Dell XPS 13 9300 Firmware - Dell XPS 7390 2 IN 1 Firmware * Dell XPS 7590 Firmware *	40
Hardware	Dell Dell Latitude 5300 - Dell Latitude 5300 2 IN 1 - Dell Latitude 5400 - Dell Latitude 5401 - Dell Latitude 5500 - Dell Latitude 5501 - Dell Latitude 7200 2 IN 1 - Dell Latitude 7220 - Dell Latitude 7220Ex Rugged Extreme Tablet - Dell Latitude 7300 - Dell Latitude 7400 - Dell Precision 3540 - Dell Precision 3541 - Dell Precision 7540 - Dell Precision 7740 - Dell XPS 13 9300 - Dell XPS 7390 2 IN 1 - Dell XPS 7590 -	18

References

https://www.dell.com/support/article/SLN321604