CVE-2020-5362

7.1HIGH

Key Information:

Vendor: Dell
Status: Dell Client Consumer And Commercial Platforms
Vendor: CVE Published:; 10 June 2020

Summary

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Affected Version(s)

Dell Client Consumer and Commercial platforms https://www.dell.com/support/article/SLN321726

References

https://www.dell.com/support/article/SLN321726

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 3, 2020