CVE-2020-5363

{"id": "CVE-2020-5363", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2020-06-10T21:15:11.037", "references": [{"url": "https://www.dell.com/support/article/SLN321604", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-158"}]}], "descriptions": [{"lang": "en", "value": "Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive."}, {"lang": "es", "value": "Plataformas Select Dell Client Consumer and Commercial, incluyen un problema que permite cambiar la contrase\u00f1a de administrador de BIOS por medio de la interfaz de administraci\u00f3n de Dell sin conocer la contrase\u00f1a de administrador de BIOS actual. Potencialmente, esto podr\u00eda permitir a un actor no autorizado, con acceso f\u00edsico y/o privilegios de administrador del sistema operativo al dispositivo, obtener acceso privilegiado a la plataforma y al disco duro"}], "lastModified": "2020-06-23T16:16:46.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_5300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "472B8BF6-CBEA-4D13-A9BF-B7F2CCBDFBEB", "versionEndExcluding": "1.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_5300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "01DB6216-3CF6-46C5-9592-4BACCF04130A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_5300_2-in-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80D11457-8720-47F5-887E-DCF20B007CC6", "versionEndExcluding": "1.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_5300_2-in-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "184C0853-8EE9-4CDE-94E1-A1CA0CA0518D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95FF8996-E107-4234-AEB6-DB160B238BE8", "versionEndExcluding": "1.7.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_5400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA6BB99C-65CE-43D8-8034-F9844285747E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_5401_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84C57FE0-9438-45B0-B989-C7D6E4E3B86C", "versionEndExcluding": "1.8.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_5401:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C7B6DD44-0D01-4737-A01A-FD5AA95D9809"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06017E8-13B7-4A15-9888-F2746EDF9E11", "versionEndExcluding": "1.7.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_5500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5EDBEF3-D117-4F6C-8373-FC744D327128"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_5501_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D4443F-654A-4139-B31A-1A40306B03C2", "versionEndExcluding": "1.8.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_5501:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18ED69A2-0B53-4B77-B65C-D6E291F17165"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_7200_2_in_1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5752689D-696E-42BF-8121-9BC0A4E813C9", "versionEndExcluding": "1.8.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_7200_2_in_1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5D6DECA-23D7-4FE4-ADFC-0181F1A7DB38"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_7220_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BCA7A82-95F7-4FF7-9165-080890712A72", "versionEndExcluding": "1.6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_7220:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C07F7C8-8F9B-4C32-858A-7535C3EE69B9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_7220ex_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58C86C3A-7F53-4B4B-9A1D-5756EB2900A4", "versionEndExcluding": "1.6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_7220ex_rugged_extreme_tablet:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ABED319D-9A24-4768-BF6E-80ABB116B73A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_7300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A980EEE3-C20E-40D5-A356-72C6903BCAD5", "versionEndExcluding": "1.7.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_7300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9DE30AD4-D03C-441A-A42F-9A488B5B86B4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_7400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11DDA62A-1FBC-44C7-8E9F-40F07F44BAD4", "versionEndExcluding": "1.7.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_7400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DF84D171-D235-4705-9F4E-84189DB64798"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_3540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1286833-199E-4976-A1EE-80018AC68FE4", "versionEndExcluding": "1.7.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_3540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E6E64C4D-04A7-448C-A87D-66CC8F74B4BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_3541_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED2A4F8F-07AE-46DE-BDF0-F3D955995650", "versionEndExcluding": "1.8.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_3541:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA67FEED-A4C5-41E2-B523-E7BD2A0DA19E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6402F353-8C7D-4399-A6B2-17E09CD66124", "versionEndExcluding": "1.9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3400683A-24F0-494E-89CC-782769F0A643"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7740_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C15DC961-5B38-4587-BE72-BDFD96128A2D", "versionEndExcluding": "1.9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7740:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91E8171B-5C5A-4019-A68F-AE8A3C2E0608"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:xps_13_9300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5E7B65E-7699-490C-A8E2-44E479B5C1CA", "versionEndExcluding": "1.0.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:xps_13_9300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "01156707-85B0-4580-92DB-4158658C9C6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:xps_7390_2-in-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E640379-B1A5-4625-ACFD-833113E663D3", "versionEndExcluding": "1.4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:xps_7390_2-in-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A78B3BC-8FEE-4AC4-B5C8-D29BD16AA944"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:xps_7590_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BAB1362-F142-481C-B0C5-6B8F716F9BA8", "versionEndExcluding": "1.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:xps_7590:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D9F5E46E-1839-4FCA-88EF-A06208973C1A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}