Improper Authorization in Dell Manageability Interface for Consumer and Commercial Platforms
CVE-2020-5362
7.1 HIGH
Key Information:
- Vendor: Dell
- CVE Published: 10 June 2020
Summary
In the Dell Manageability interface for both Consumer and Commercial platforms, an improper authorization vulnerability has been identified. This flaw permits an unauthorized actor with local system access and OS administrator privileges to bypass the BIOS Administrator authentication. Consequently, this allows the attacker to restore the BIOS Setup configuration to default values, potentially exposing sensitive settings or altering system behavior.
Affected Version(s)
Dell Client Consumer and Commercial platforms https://www.dell.com/support/article/SLN321726
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved