CVE-2020-5363

8.6HIGH

Key Information:

Vendor: Dell
Status: Dell Client Consumer And Commercial Platforms
Vendor: CVE Published:; 10 June 2020

Summary

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Affected Version(s)

Dell Client Consumer and Commercial platforms https://www.dell.com/support/article/SLN321604

References

https://www.dell.com/support/article/SLN321604

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 3, 2020