CVE-2020-5342 HIGH

CVE-2020-5342

Vendor Dell
Product Dell Digital Delivery (Cirrus)
Weakness CWE-276
Published March 9, 2020
Last update September 16, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.

Key dates

02Disclosure timeline

March 9, 2020 CVE published
September 16, 2024 Record updated