CVE-2020-5324

Name of the Vulnerable Software and Affected Versions Dell Client Consumer and Commercial Platforms (affected versions not specified)

Description The issue allows a locally authenticated low-privileged malicious user to exploit the Dell Firmware Update Utility by tricking an administrator into overwriting arbitrary files via a symlink attack. This can happen during the time window when the utility is being executed by an administrator. The actual binary payload delivered by the update utility is not affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.