First published: Wed Jun 10 2020
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell Latitude 5300 Firmware | <1.9.4 | |
Dell Latitude 5300 | | |
Dell Latitude 5300 2-in-1 Firmware | <1.9.4 | |
Dell Latitude 5300 2-in-1 | | |
Dell Latitude 5400 Firmware | <1.7.4 | |
Dell Latitude 5400 | | |
Dell Latitude 5401 Firmware | <1.8.4 | |
Dell Latitude 5401 | | |
Dell Latitude 5500 Firmware | <1.7.4 | |
Dell Latitude 5500 | | |
Dell Latitude 5501 Firmware | <1.8.4 | |
Dell Latitude 5501 | | |
Dell Latitude 7200 2-in-1 Firmware | <1.8.0 | |
Dell Latitude 7200 2-in-1 | | |
Dell Latitude 7220 Firmware | <1.6.0 | |
Dell Latitude 7220 | | |
Dell Latitude 7220ex Rugged Extreme Tablet Firmware | <1.6.0 | |
Dell Latitude 7220ex Rugged Extreme Tablet | | |
Dell Latitude 7300 Firmware | <1.7.4 | |
Dell Latitude 7300 | | |
Dell Latitude 7400 Firmware | <1.7.4 | |
Dell Latitude 7400 | | |
Dell Precision 3540 Firmware | <1.7.4 | |
Dell Precision 3540 | | |
Dell Precision 3541 Firmware | <1.8.4 | |
Dell Precision 3541 | | |
Dell Precision 7540 Firmware | <1.9.0 | |
Dell Precision 7540 | | |
Dell Precision 7740 Firmware | <1.9.0 | |
Dell Precision 7740 | | |
Dell XPS 13 9300 Firmware | <1.0.11 | |
Dell XPS 13 9300 | | |
Dell XPS 7390 2-in-1 Firmware | <1.4.0 | |
Dell XPS 7390 2-in-1 | | |
Dell XPS 7590 Firmware | <1.7.0 | |
Dell XPS 7590 | | |
CVE-2020-5363 is a vulnerability that allows the BIOS Admin password to be changed without knowledge of the current password on select Dell Client Consumer and Commercial platforms.
The Dell Latitude 5300, Latitude 5300 2-in-1, Latitude 5400, Latitude 5401, Latitude 5500, Latitude 5501, Latitude 7200 2-in-1, Latitude 7220, Latitude 7220ex Rugged Extreme Tablet, Latitude 7300, Latitude 7400, Precision 3540, Precision 3541, Precision 7540, Precision 7740, XPS 13 9300, XPS 7390 2-in-1, and XPS 7590 platforms are affected.
CVE-2020-5363 has a severity rating of 6.7 (high).
An unauthorized actor with physical access and/or OS admin privileges can exploit CVE-2020-5363 to change the BIOS Admin password without knowledge of the current password.
You can find more information about CVE-2020-5363 on Dell's support website.