CVE-2020-5362 HIGH

CVE-2020-5362

Vendor Dell

Product Dell Client Consumer and Commercial platforms

Weakness CWE-285

Published June 10, 2020

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

What the vulnerability does

01Description

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

Key dates

02Disclosure timeline

June 10, 2020 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-5362

Related vulnerabilities

Identifiers

CVE CVE-2020-5362

CWE CWE-285

CVSS 7.1 / HIGH

Affected versions