PT-2020-18420 · Dell · Dell Latitude 7202 Rugged Tablet Bios

Published: 2020-04-03 · Updated: 2020-04-06 · CVE-2020-5348

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28

Description

A use-after-free (UAF) vulnerability exists in the EFI BOOT SERVICES component of system management mode (SMM). A local unauthenticated attacker could exploit it by overwriting the EFI BOOT SERVICES structure, potentially leading to the execution of arbitrary code in system management mode.

Recommendations

For Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28, update the BIOS to version A28 or later to resolve the issue.

Fix

Use After Free


Weakness Enumeration

Related Identifiers

CVE-2020-5348

Affected Products

Dell Latitude 7202 Rugged Tablet Bios