PT-2020-18427 · Dell · Dell Manageability

Published

2020-06-10

Updated

2020-06-23

CVE-2020-5362

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions Dell Client Consumer and Commercial platforms (affected versions not specified)

Description The issue concerns an improper authorization vulnerability in the Dell Manageability interface. An unauthorized actor with local system access and OS administrator privileges could bypass BIOS Administrator authentication. This allows the actor to restore BIOS Setup configuration to default values.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-862

Related Identifiers

CVE-2020-5362

Affected Products

Dell Manageability

PT-2020-18427 · Dell · Dell Manageability

CVE-2020-5362

Weakness Enumeration

Related Identifiers

Affected Products

References · 3