8.6
CWE-158

CVE-2020-5363

First published: Wed Jun 10 2020

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Credit: security_alert@emc.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Latitude 5300 Firmware | <1.9.4 | |
| Dell Latitude 5300 | | |
| Dell Latitude 5300 2-in-1 Firmware | <1.9.4 | |
| Dell Latitude 5300 2-in-1 | | |
| Dell Latitude 5400 Firmware | <1.7.4 | |
| Dell Latitude 5400 | | |
| Dell Latitude 5401 Firmware | <1.8.4 | |
| Dell Latitude 5401 | | |
| Dell Latitude 5500 Firmware | <1.7.4 | |
| Dell Latitude 5500 | | |
| Dell Latitude 5501 Firmware | <1.8.4 | |
| Dell Latitude 5501 | | |
| Dell Latitude 7200 2 In 1 Firmware | <1.8.0 | |
| Dell Latitude 7200 2 In 1 | | |
| Dell Latitude 7220 Firmware | <1.6.0 | |
| Dell Latitude 7220 | | |
| Dell Latitude 7220ex Rugged Extreme Tablet Firmware | <1.6.0 | |
| Dell Latitude 7220ex Rugged Extreme Tablet | | |
| Dell Latitude 7300 Firmware | <1.7.4 | |
| Dell Latitude 7300 | | |
| Dell Latitude 7400 Firmware | <1.7.4 | |
| Dell Latitude 7400 | | |
| Dell Precision 3540 Firmware | <1.7.4 | |
| Dell Precision 3540 | | |
| Dell Precision 3541 Firmware | <1.8.4 | |
| Dell Precision 3541 | | |
| Dell Precision 7540 Firmware | <1.9.0 | |
| Dell Precision 7540 | | |
| Dell Precision 7740 Firmware | <1.9.0 | |
| Dell Precision 7740 | | |
| Dell Xps 13 9300 Firmware | <1.0.11 | |
| Dell Xps 13 9300 | | |
| Dell Xps 7390 2-in-1 Firmware | <1.4.0 | |
| Dell Xps 7390 2-in-1 | | |
| Dell Xps 7590 Firmware | <1.7.0 | |
| Dell Xps 7590 | | |


Frequently Asked Questions

  • What is CVE-2020-5363?

    CVE-2020-5363 is a vulnerability that allows the BIOS Admin password to be changed without knowledge of the current password on select Dell Client Consumer and Commercial platforms.

  • Which Dell platforms are affected by CVE-2020-5363?

    The Dell Latitude 5300, Latitude 5300 2-in-1, Latitude 5400, Latitude 5401, Latitude 5500, Latitude 5501, Latitude 7200 2-in-1, Latitude 7220, Latitude 7220ex Rugged Extreme Tablet, Latitude 7300, Latitude 7400, Precision 3540, Precision 3541, Precision 7540, Precision 7740, XPS 13 9300, XPS 7390 2-in-1, and XPS 7590 platforms are affected.

  • What is the severity of CVE-2020-5363?

    CVE-2020-5363 has a severity rating of 6.7 (high).

  • How can an unauthorized actor exploit CVE-2020-5363?

    An unauthorized actor with physical access and/or OS admin privileges can exploit CVE-2020-5363 to change the BIOS Admin password without knowledge of the current password.

  • Where can I find more information about CVE-2020-5363?

    You can find more information about CVE-2020-5363 on Dell's support website.
