DSA-2020-108: Dell Dock Firmware Update Utilities Arbitrary File Overwrite Vulnerability


DSA Identifier: DSA-2020-108

CVE Identifier: CVE-2020-5357

Severity: High

Severity Rating: CVSS Base Score: 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

Affected products:

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations (see Resolution section below for complete list of affected products)


Dell Dock Firmware Update Utilities has been updated to address an arbitrary file overwrite vulnerability.

Dell Dock Firmware Update Utility is a self-contained executable in a standard package format that updates a firmware element on the dock. The utility consists of two parts:

  1. A framework providing a consistent interface for applying payloads
  2. The payload that is the firmware/BIOS/Drivers


Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is exposed only during the time window in which the Dell Dock Firmware Update Utility is being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
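The class of bug described above (a privileged process writing to a path where a less-privileged user can place a link) is shown here as an added illustration; it is not Dell's code and not part of the original advisory. It assumes a POSIX system, the names `protected.cfg`, `work` and `update.log` are constructed, and everything runs inside a throwaway temporary directory.

```python
import os
import tempfile

def naive_write(path: str, data: bytes) -> None:
    """Vulnerable pattern: open() follows a link that already exists at `path`."""
    with open(path, "wb") as fh:
        fh.write(data)

def safe_write(path: str, data: bytes) -> None:
    """Hardened pattern: create a brand-new file and never follow or reuse an existing entry."""
    # O_EXCL makes the call fail if anything (file or link) already sits at `path`;
    # O_NOFOLLOW is added where the platform defines it.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)

def demo() -> dict:
    """Run both writers against a pre-existing link inside a temporary sandbox."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        # Constructed stand-ins: a file only an administrator should modify,
        # and a working directory that a low-privileged user can write to.
        protected = os.path.join(sandbox, "protected.cfg")
        work_dir = os.path.join(sandbox, "work")
        os.mkdir(work_dir)
        log_path = os.path.join(work_dir, "update.log")  # predictable output name

        for name, writer in (("naive", naive_write), ("safe", safe_write)):
            with open(protected, "wb") as fh:
                fh.write(b"original")
            if os.path.lexists(log_path):
                os.remove(log_path)          # removes the link itself, not its target
            os.symlink(protected, log_path)  # link is in place before the writer runs
            try:
                writer(log_path, b"updater output")
                outcome = "written"
            except FileExistsError:
                outcome = "refused"
            with open(protected, "rb") as fh:
                results[name] = (outcome, fh.read())
    return results

if __name__ == "__main__":
    print(demo())
```

Independent of platform, the more robust design is for a privileged process to create its working files in a location that unprivileged users cannot write to.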


Customers should use the latest releases available from Dell support when updating their systems. Customers do not need to download and rerun update packages if the system is already running the latest BIOS, firmware or driver content.

Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).

Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

  • Prior to installing the update, please ensure Windows Updates are up to date.
  • The dates listed are subject to change without notice.
  • The platform list for Dell Client products will be updated periodically. Please check back frequently for the most up-to-date information.
  • Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.
  • Release dates below are in U.S. format of MM/DD/YYYY.
  • Expected release dates are in the Month YYYY format.

Dell Client Consumer and Commercial Products Affected

The following is a list of impacted products:


| Product | Update firmware Version (or greater) | Release Date (MM/DD/YYYY) / Expected Release (Month/YYYY) |
|---|---|---|
| Dell Dock WD15 | | |
| Dell Dock WD19 | | |
| Dell Thunderbolt Dock TB16 | | |
| Thunderbolt Dock - TB18DC | | |


Dell would like to thank Eran Shimony for reporting this vulnerability.

Severity Rating:

For an explanation of Severity Ratings, refer to Dell Vulnerability Response Policy. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

Legal Information:

Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages.

Article ID: SLN321564

Last Date Modified: 05/28/2020 02:53 AM
