Unauthorized BIOS Admin Password Modification in Dell Client Platforms
CVE-2020-5363
8.6 HIGH
Key Information:
- Vendor: Dell
- CVE Published: 10 June 2020
Summary
Certain Dell Client Consumer and Commercial platforms have a vulnerability that enables the BIOS Admin password to be altered via Dell's manageability interface without needing the current password. This flaw poses a significant risk, allowing individuals with physical access and/or OS administrator privileges to compromise the platform, gaining elevated access to the system, including sensitive data stored on the hard drive.
Affected Version(s)
Dell Client Consumer and Commercial platforms https://www.dell.com/support/article/SLN321604
CVSS V3.1
Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved