Sign-up

ID

VAR-202002-1113


CVE

CVE-2020-5326


TITLE

Dell Vulnerability in lack of authentication for critical features on client platforms

Trust: 0.8

sources: JVNDB: JVNDB-2020-002362

DESCRIPTION

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. Dell A vulnerability exists in the client platform regarding the lack of authentication for critical features.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2020-5326 // JVNDB: JVNDB-2020-002362

AFFECTED PRODUCTS

vendor:dellmodel:latitude 5175scope:ltversion:1.7.1

Trust: 1.0

vendor:dellmodel:latitude 5500scope:ltversion:1.3.11

Trust: 1.0

vendor:dellmodel:latitude e5270scope:ltversion:1.21.4

Trust: 1.0

vendor:dellmodel:optiplex 7450scope:ltversion:1.13.1

Trust: 1.0

vendor:dellmodel:inspiron 3584scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:latitude 7280scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:precision 7910scope:lteversion:a31

Trust: 1.0

vendor:dellmodel:wyse 7040scope:ltversion:1.6.0

Trust: 1.0

vendor:dellmodel:optiplex 7070scope:ltversion:1.0.3

Trust: 1.0

vendor:dellmodel:latitude 3590scope:ltversion:1.9.9

Trust: 1.0

vendor:dellmodel:optiplex 5270scope:ltversion:1.1.1

Trust: 1.0

vendor:dellmodel:g3 3590scope:ltversion:1.4.3

Trust: 1.0

vendor:dellmodel:inspiron 5481scope:ltversion:2.4.0

Trust: 1.0

vendor:dellmodel:latitude 7370scope:ltversion:1.18.5

Trust: 1.0

vendor:dellmodel:g3 3579scope:ltversion:1.10.0

Trust: 1.0

vendor:dellmodel:precision 5820scope:ltversion:1.11.1

Trust: 1.0

vendor:dellmodel:vostro 3070scope:ltversion:2.13.0

Trust: 1.0

vendor:dellmodel:inspiron 3480scope:ltversion:1.5.1

Trust: 1.0

vendor:dellmodel:inspiron 15 gaming 7566scope:ltversion:1.5.0

Trust: 1.0

vendor:dellmodel:inspiron 15 7572scope:ltversion:1.2.1

Trust: 1.0

vendor:dellmodel:latitude 5289scope:ltversion:1.18.1

Trust: 1.0

vendor:dellmodel:optiplex 7050scope:ltversion:1.12.1

Trust: 1.0

vendor:dellmodel:xps 13 9343scope:ltversion:a20

Trust: 1.0

vendor:dellmodel:precision 3431scope:ltversion:1.0.3

Trust: 1.0

vendor:dellmodel:latitude 5401scope:ltversion:1.3.11

Trust: 1.0

vendor:dellmodel:precision 7740scope:ltversion:1.1.3

Trust: 1.0

vendor:dellmodel:vostro 3580scope:ltversion:1.5.1

Trust: 1.0

vendor:dellmodel:latitude 5280scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:precision 3540scope:ltversion:1.3.11

Trust: 1.0

vendor:dellmodel:latitude 5580scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:inspiron 5570scope:ltversion:1.2.3

Trust: 1.0

vendor:dellmodel:xps 15 9550scope:ltversion:1.12.0

Trust: 1.0

vendor:dellmodel:precision 7820scope:ltversion:2.0.5

Trust: 1.0

vendor:dellmodel:precision 7510scope:ltversion:1.18.5

Trust: 1.0

vendor:dellmodel:optiplex 3060scope:ltversion:1.4.2

Trust: 1.0

vendor:dellmodel:optiplex 7460scope:ltversion:1.7.3

Trust: 1.0

vendor:dellmodel:optiplex xe3scope:ltversion:1.4.2

Trust: 1.0

vendor:dellmodel:precision 7710scope:ltversion:1.18.5

Trust: 1.0

vendor:dellmodel:latitude 7300scope:ltversion:1.3.11

Trust: 1.0

vendor:dellmodel:precision 7720scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:latitude 5480scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:embedded box pc 5000scope:ltversion:1.6.0

Trust: 1.0

vendor:dellmodel:optiplex 3240scope:ltversion:1.8.1

Trust: 1.0

vendor:dellmodel:latitude 7480scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:latitude 7424 rugged extremescope:ltversion:1.5.0

Trust: 1.0

vendor:dellmodel:xps 13 9360scope:ltversion:2.12.0

Trust: 1.0

vendor:dellmodel:latitude 3490scope:ltversion:1.9.9

Trust: 1.0

vendor:dellmodel:precision 7520scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:inspiron 7580scope:ltversion:1.8.0

Trust: 1.0

vendor:dellmodel:vostro 5481scope:ltversion:2.4.0

Trust: 1.0

vendor:dellmodel:inspiron 5370scope:ltversion:1.12.0

Trust: 1.0

vendor:dellmodel:latitude 7275scope:ltversion:1.6.1

Trust: 1.0

vendor:dellmodel:optiplex 5060scope:ltversion:1.4.2

Trust: 1.0

vendor:dellmodel:vostro 5370scope:ltversion:1.12.0

Trust: 1.0

vendor:dellmodel:precision 5810scope:ltversion:a31

Trust: 1.0

vendor:dellmodel:latitude 5400scope:ltversion:1.3.11

Trust: 1.0

vendor:dellmodel:latitude 7389scope:ltversion:1.18.1

Trust: 1.0

vendor:dellmodel:latitude 5591scope:ltversion:1.8.1

Trust: 1.0

vendor:dellmodel:latitude 3480scope:ltversion:1.12.0

Trust: 1.0

vendor:dellmodel:inspiron 7786scope:ltversion:1.5.0

Trust: 1.0

vendor:dellmodel:inspiron 15 gaming 7577scope:ltversion:1.8.0

Trust: 1.0

vendor:dellmodel:inspiron 3781scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:xps 15 9570scope:ltversion:1.11.2

Trust: 1.0

vendor:dellmodel:latitude 3300scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:inspiron 7380scope:ltversion:1.8.0

Trust: 1.0

vendor:dellmodel:precision 3620scope:ltversion:2.13.1

Trust: 1.0

vendor:dellmodel:latitude 5290scope:ltversion:1.9.0

Trust: 1.0

vendor:dellmodel:g5 5590scope:ltversion:1.8.0

Trust: 1.0

vendor:dellmodel:g7 7790scope:ltversion:1.8.0

Trust: 1.0

vendor:dellmodel:xps 12 9250scope:ltversion:1.6.1

Trust: 1.0

vendor:dellmodel:vostro 3470scope:ltversion:2.13.0

Trust: 1.0

vendor:dellmodel:latitude 5488scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:inspiron 3670scope:ltversion:2.13.0

Trust: 1.0

vendor:dellmodel:inspiron 7472scope:ltversion:1.2.1

Trust: 1.0

vendor:dellmodel:optiplex 7060scope:ltversion:1.4.2

Trust: 1.0

vendor:dellmodel:inspiron 5480scope:ltversion:2.4.0

Trust: 1.0

vendor:dellmodel:latitude 5590scope:ltversion:1.9.0

Trust: 1.0

vendor:dellmodel:vostro 7580scope:ltversion:1.11.1

Trust: 1.0

vendor:dellmodel:optiplex 3050scope:ltversion:1.12.1

Trust: 1.0

vendor:dellmodel:inspiron 3580scope:ltversion:1.5.1

Trust: 1.0

vendor:dellmodel:optiplex 5040scope:ltversion:1.14.5

Trust: 1.0

vendor:dellmodel:optiplex 7470scope:ltversion:1.1.1

Trust: 1.0

vendor:dellmodel:vostro 3670scope:ltversion:2.13.0

Trust: 1.0

vendor:dellmodel:latitude 7414scope:ltversion:1.24.0

Trust: 1.0

vendor:dellmodel:inspiron 3470scope:ltversion:2.13.0

Trust: 1.0

vendor:dellmodel:latitude 5288scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:latitude 7380scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:inspiron 7590scope:ltversion:1.1.1

Trust: 1.0

vendor:dellmodel:inspiron 7591scope:ltversion:1.1.1

Trust: 1.0

vendor:dellmodel:precision 3420scope:ltversion:2.13.1

Trust: 1.0

vendor:dellmodel:precision 3530scope:ltversion:1.8.1

Trust: 1.0

vendor:dellmodel:xps 27 7760scope:ltversion:2.5.1

Trust: 1.0

vendor:dellmodel:precision 3510scope:ltversion:1.21.4

Trust: 1.0

vendor:dellmodel:inspiron 5770scope:ltversion:1.2.3

Trust: 1.0

vendor:dellmodel:latitude 5490scope:ltversion:1.9.0

Trust: 1.0

vendor:dellmodel:vostro 15 7570scope:ltversion:1.8.0

Trust: 1.0

vendor:dellmodel:vostro 3480scope:ltversion:1.5.1

Trust: 1.0

vendor:dellmodel:optiplex 5050scope:ltversion:1.12.1

Trust: 1.0

vendor:dellmodel:optiplex 3040scope:ltversion:1.11.3

Trust: 1.0

vendor:dellmodel:xps 15 9560scope:ltversion:1.15.0

Trust: 1.0

vendor:dellmodel:optiplex 5070scope:ltversion:1.0.3

Trust: 1.0

vendor:dellmodel:vostro 3583scope:ltversion:1.5.1

Trust: 1.0

vendor:dellmodel:inspiron 5582scope:ltversion:2.4.0

Trust: 1.0

vendor:dellmodel:optiplex 7440scope:ltversion:1.11.1

Trust: 1.0

vendor:dellmodel:optiplex 3046scope:ltversion:1.8.2

Trust: 1.0

vendor:dellmodel:inspiron 14 gaming 7467scope:ltversion:1.10.0

Trust: 1.0

vendor:dellmodel:precision 7530scope:ltversion:1.9.0

Trust: 1.0

vendor:dellmodel:inspiron 3583scope:ltversion:1.5.1

Trust: 1.0

vendor:dellmodel:latitude 5414scope:ltversion:1.24.0

Trust: 1.0

vendor:dellmodel:latitude 7290scope:ltversion:1.10.0

Trust: 1.0

vendor:dellmodel:vostro 3584scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:inspiron 3780scope:ltversion:1.5.1

Trust: 1.0

vendor:dellmodel:latitude 7212scope:ltversion:1.26.0

Trust: 1.0

vendor:dellmodel:precision 5520scope:ltversion:1.15.0

Trust: 1.0

vendor:dellmodel:g7 7588scope:ltversion:1.11.1

Trust: 1.0

vendor:dellmodel:latitude 7285scope:ltversion:1.4.1

Trust: 1.0

vendor:dellmodel:optiplex 7040scope:ltversion:1.15.5

Trust: 1.0

vendor:dellmodel:latitude 5300scope:ltversion:1.3.1

Trust: 1.0

vendor:dellmodel:precision 5720scope:ltversion:2.5.1

Trust: 1.0

vendor:dellmodel:inspiron 5488scope:ltversion:2.4.0

Trust: 1.0

vendor:dellmodel:precision 3630scope:ltversion:1.2.0

Trust: 1.0

vendor:dellmodel:inspiron 7386scope:ltversion:1.5.0

Trust: 1.0

vendor:dellmodel:latitude e7470scope:ltversion:1.22.8

Trust: 1.0

vendor:dellmodel:precision 7920scope:ltversion:2.0.5

Trust: 1.0

vendor:dellmodel:inspiron 7586scope:ltversion:1.5.0

Trust: 1.0

vendor:dellmodel:optiplex 5250scope:ltversion:1.13.1

Trust: 1.0

vendor:dellmodel:precision 3430scope:ltversion:1.4.2

Trust: 1.0

vendor:dellmodel:latitude 3580scope:ltversion:1.12.0

Trust: 1.0

vendor:dellmodel:latitude 5491scope:ltversion:1.8.1

Trust: 1.0

vendor:dellmodel:g5 5587scope:ltversion:1.11.1

Trust: 1.0

vendor:dellmodel:inspiron 14 gaming 7466scope:ltversion:1.5.0

Trust: 1.0

vendor:dellmodel:latitude 7400scope:ltversion:1.3.11

Trust: 1.0

vendor:dellmodel:latitude e7270scope:ltversion:1.22.8

Trust: 1.0

vendor:dellmodel:xps 8900scope:ltversion:2.6.1

Trust: 1.0

vendor:dellmodel:inspiron 5580scope:ltversion:2.4.0

Trust: 1.0

vendor:dellmodel:latitude 5420 ruggedscope:ltversion:1.5.0

Trust: 1.0

vendor:dellmodel:optiplex 5260scope:ltversion:1.7.3

Trust: 1.0

vendor:dellmodel:xps 15 9575scope:ltversion:1.6.1

Trust: 1.0

vendor:dellmodel:latitude 7214scope:ltversion:1.24.0

Trust: 1.0

vendor:dellmodel:wyse 5070scope:ltversion:1.2.4

Trust: 1.0

vendor:dellmodel:precision 3541scope:ltversion:1.2.11

Trust: 1.0

vendor:dellmodel:vostro 7590scope:ltversion:1.1.1

Trust: 1.0

vendor:dellmodel:vostro 5471scope:ltversion:1.12.0

Trust: 1.0

vendor:dellmodel:latitude 7202scope:ltversion:a24

Trust: 1.0

vendor:dellmodel:inspiron 3481scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:precision 3520scope:ltversion:1.15.1

Trust: 1.0

vendor:dellmodel:precision 5510scope:ltversion:1.12.0

Trust: 1.0

vendor:dellmodel:inspiron 5482scope:ltversion:2.4.0

Trust: 1.0

vendor:dellmodel:vostro 3481scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:chengming 3980scope:ltversion:2.13.0

Trust: 1.0

vendor:dellmodel:latitude e5570scope:ltversion:1.21.4

Trust: 1.0

vendor:dellmodel:precision 5530scope:ltversion:1.11.2

Trust: 1.0

vendor:dellmodel:precision 7730scope:ltversion:1.9.0

Trust: 1.0

vendor:dellmodel:g7 7590scope:ltversion:1.8.0

Trust: 1.0

vendor:dellmodel:latitude 5179scope:ltversion:1.7.1

Trust: 1.0

vendor:dellmodel:xps 13 9350scope:ltversion:1.11.1

Trust: 1.0

vendor:dellmodel:latitude 3460scope:ltversion:a17

Trust: 1.0

vendor:dellmodel:latitude 7390scope:ltversion:1.10.0

Trust: 1.0

vendor:dellmodel:optiplex 7760scope:ltversion:1.7.3

Trust: 1.0

vendor:dellmodel:latitude 5501scope:ltversion:1.2.11

Trust: 1.0

vendor:dellmodel:precision 7810scope:ltversion:a31

Trust: 1.0

vendor:dellmodel:xps 13 9380scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:precision 7540scope:ltversion:1.1.3

Trust: 1.0

vendor:dellmodel:vostro 5581scope:ltversion:2.4.0

Trust: 1.0

vendor:dellmodel:optiplex 3070scope:ltversion:1.0.3

Trust: 1.0

vendor:dellmodel:inspiron 3581scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:latitude e5470scope:ltversion:1.21.4

Trust: 1.0

vendor:dellmodel:g3 3779scope:ltversion:1.10.0

Trust: 1.0

vendor:dellmodel:latitude 7490scope:ltversion:1.10.0

Trust: 1.0

vendor:dellmodel:precision 3930scope:ltversion:2.2.0

Trust: 1.0

vendor:dellmodel:vostro 3581scope:ltversion:1.4.0

Trust: 1.0

vendor:dellmodel:latitude 5424 ruggedscope:ltversion:1.5.0

Trust: 1.0

vendor:dellmodel:optiplex 7770scope:ltversion:1.1.1

Trust: 1.0

vendor:dellmodel:inspiron 15 gaming 7567scope:ltversion:1.10.0

Trust: 1.0

vendor:dellmodel:chengming 3980scope: - version: -

Trust: 0.8

vendor:dellmodel:g3 3579scope: - version: -

Trust: 0.8

vendor:dellmodel:g3 3590scope: - version: -

Trust: 0.8

vendor:dellmodel:g3 3779scope: - version: -

Trust: 0.8

vendor:dellmodel:g5 5587scope: - version: -

Trust: 0.8

vendor:dellmodel:g5 5590scope: - version: -

Trust: 0.8

vendor:dellmodel:g7 7588scope: - version: -

Trust: 0.8

vendor:dellmodel:g7 7590scope: - version: -

Trust: 0.8

vendor:dellmodel:g7 7790scope: - version: -

Trust: 0.8

vendor:dellmodel:embedded box pc 5000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-002362 // NVD: CVE-2020-5326

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-5326
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002362
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202002-1059
value: MEDIUM

Trust: 0.6

NVD: CVE-2020-5326
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002362
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-5326
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002362
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002362 // CNNVD: CNNVD-202002-1059 // NVD: CVE-2020-5326

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.8

sources: JVNDB: JVNDB-2020-002362 // NVD: CVE-2020-5326

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1059

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-5326

PATCH
title:DSA-2020-035url:https://www.dell.com/support/article/sln320337
Trust: 0.8
title:Dell Client platforms Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110250
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002362 // 
            
            
            
            CNNVD: CNNVD-202002-1059

EXTERNAL IDS
db:NVDid:CVE-2020-5326
Trust: 2.4
db:JVNDBid:JVNDB-2020-002362
Trust: 0.8
db:CNNVDid:CNNVD-202002-1059
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002362 // 
            
            
            
            CNNVD: CNNVD-202002-1059 // 
            
            
            
            NVD: CVE-2020-5326

REFERENCES
url:https://www.dell.com/support/article/sln320337
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-5326
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5326
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-002362 // 
            
            
            
            CNNVD: CNNVD-202002-1059 // 
            
            
            
            NVD: CVE-2020-5326

SOURCES
db:JVNDBid:JVNDB-2020-002362
db:CNNVDid:CNNVD-202002-1059
db:NVDid:CVE-2020-5326

LAST UPDATE DATE
2022-05-04T09:50:27.794000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-002362date:2020-03-12T00:00:00
db:CNNVDid:CNNVD-202002-1059date:2021-08-16T00:00:00
db:NVDid:CVE-2020-5326date:2020-03-03T19:18:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-002362date:2020-03-12T00:00:00
db:CNNVDid:CNNVD-202002-1059date:2020-02-21T00:00:00
db:NVDid:CVE-2020-5326date:2020-02-21T15:15:00