CVE-2020-5361 MEDIUM

CVE-2020-5361

Vendor Dell

Product CPG BIOS

Weakness CWE-640 · Weak password recovery

Published January 4, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Physical

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.

Key dates

02Disclosure timeline

January 4, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-5361 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/640.html

Related vulnerabilities

CVE-2020-5361

01Description

02Disclosure timeline

03References

04Related CVE