CVE-2020-5363

Published Jun 10, 2020
Last updated 4 years ago
CVSS medium 6.7
Overview

Description: Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
Source: security_alert@emc.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: NVD-CWE-Other
security_alert@emc.com: CWE-158
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_5300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "472B8BF6-CBEA-4D13-A9BF-B7F2CCBDFBEB",
            "versionEndExcluding": "1.9.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_5300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "01DB6216-3CF6-46C5-9592-4BACCF04130A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_5300_2-in-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80D11457-8720-47F5-887E-DCF20B007CC6",
            "versionEndExcluding": "1.9.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_5300_2-in-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "184C0853-8EE9-4CDE-94E1-A1CA0CA0518D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95FF8996-E107-4234-AEB6-DB160B238BE8",
            "versionEndExcluding": "1.7.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_5400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EA6BB99C-65CE-43D8-8034-F9844285747E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_5401_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84C57FE0-9438-45B0-B989-C7D6E4E3B86C",
            "versionEndExcluding": "1.8.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_5401:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C7B6DD44-0D01-4737-A01A-FD5AA95D9809"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A06017E8-13B7-4A15-9888-F2746EDF9E11",
            "versionEndExcluding": "1.7.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_5500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F5EDBEF3-D117-4F6C-8373-FC744D327128"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_5501_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59D4443F-654A-4139-B31A-1A40306B03C2",
            "versionEndExcluding": "1.8.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_5501:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "18ED69A2-0B53-4B77-B65C-D6E291F17165"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_7200_2_in_1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5752689D-696E-42BF-8121-9BC0A4E813C9",
            "versionEndExcluding": "1.8.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_7200_2_in_1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F5D6DECA-23D7-4FE4-ADFC-0181F1A7DB38"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_7220_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BCA7A82-95F7-4FF7-9165-080890712A72",
            "versionEndExcluding": "1.6.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_7220:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1C07F7C8-8F9B-4C32-858A-7535C3EE69B9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_7220ex_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58C86C3A-7F53-4B4B-9A1D-5756EB2900A4",
            "versionEndExcluding": "1.6.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_7220ex_rugged_extreme_tablet:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ABED319D-9A24-4768-BF6E-80ABB116B73A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_7300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A980EEE3-C20E-40D5-A356-72C6903BCAD5",
            "versionEndExcluding": "1.7.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_7300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9DE30AD4-D03C-441A-A42F-9A488B5B86B4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:latitude_7400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11DDA62A-1FBC-44C7-8E9F-40F07F44BAD4",
            "versionEndExcluding": "1.7.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:latitude_7400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DF84D171-D235-4705-9F4E-84189DB64798"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:precision_3540_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1286833-199E-4976-A1EE-80018AC68FE4",
            "versionEndExcluding": "1.7.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:precision_3540:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6E64C4D-04A7-448C-A87D-66CC8F74B4BD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:precision_3541_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED2A4F8F-07AE-46DE-BDF0-F3D955995650",
            "versionEndExcluding": "1.8.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:precision_3541:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA67FEED-A4C5-41E2-B523-E7BD2A0DA19E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:precision_7540_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6402F353-8C7D-4399-A6B2-17E09CD66124",
            "versionEndExcluding": "1.9.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:precision_7540:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3400683A-24F0-494E-89CC-782769F0A643"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:precision_7740_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C15DC961-5B38-4587-BE72-BDFD96128A2D",
            "versionEndExcluding": "1.9.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:precision_7740:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91E8171B-5C5A-4019-A68F-AE8A3C2E0608"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:xps_13_9300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5E7B65E-7699-490C-A8E2-44E479B5C1CA",
            "versionEndExcluding": "1.0.11"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:xps_13_9300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "01156707-85B0-4580-92DB-4158658C9C6B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:xps_7390_2-in-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E640379-B1A5-4625-ACFD-833113E663D3",
            "versionEndExcluding": "1.4.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:xps_7390_2-in-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3A78B3BC-8FEE-4AC4-B5C8-D29BD16AA944"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:xps_7590_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BAB1362-F142-481C-B0C5-6B8F716F9BA8",
            "versionEndExcluding": "1.7.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:xps_7590:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9F5E46E-1839-4FCA-88EF-A06208973C1A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
