Improper Authorization in Dell Manageability Interface for Consumer and Commercial Platforms
CVE-2020-5362

7.1HIGH

Key Information:

Vendor: Dell
Status: Dell Client Consumer And Commercial Platforms
Vendor: CVE Published:; 10 June 2020

What is CVE-2020-5362?

In the Dell Manageability interface for both Consumer and Commercial platforms, an improper authorization vulnerability has been identified. This flaw permits an unauthorized actor with local system access and OS administrator privileges to bypass the BIOS Administrator authentication. Consequently, this allows the attacker to restore the BIOS Setup configuration to default values, potentially exposing sensitive settings or altering system behavior.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Dell Client Consumer and Commercial platforms https://www.dell.com/support/article/SLN321726

References

https://www.dell.com/support/article/SLN321726

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 3, 2020

JSON

Dell