Numero articolo: 000130081
High
CVE-2020-5363
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2020-5363
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products:
Dell Client Consumer and Commercial platforms (see Resolution section below for complete list of affected products)
Resolution:
The following is a list of impacted products and release dates. Dell recommends all customers update at the earliest opportunity.
We recommend customers follow security best practices and prevent unauthorized physical access to devices. Customers should ensure that OS protections are utilized, including OS Administrator password protections and OS login password to help prevent unauthorized access to the OS and the manageability interface.
Please visit the Drivers and Downloads site for updates on the applicable products. Note, the following list of impacted products with released BIOS updates are linked. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.
Customers may use one of the Download notification applications to be notified and download driver, BIOS and firmware updates automatically once available.
Notes:
Dell Client Consumer and Commercial Platforms Affected
The following is a list of impacted products and release dates:
Product |
Update BIOS Version |
Release Date (MM/DD/YYYY) |
---|---|---|
Latitude 5300 |
1.9.4 |
5/22/2020 |
Latitude 5300 2-IN-1 |
1.9.4 |
5/22/2020 |
Latitude 5400 |
1.7.4 |
5/22/2020 |
Latitude 5401 |
1.8.4 |
5/22/2020 |
Latitude 5500 |
1.7.4 |
5/22/2020 |
Latitude 5501 |
1.8.4 |
5/22/2020 |
Latitude 7200 2 in 1 |
1.8.0 |
5/22/2020 |
Latitude 7220 / 7220EX Rugged Extreme Tablet |
1.6.0 |
5/26/2020 |
Latitude 7300 |
1.7.4 |
5/22/2020 |
Latitude 7400 |
1.7.4 |
5/22/2020 |
Precision 3540 |
1.7.4 |
5/22/2020 |
Precision 3541 |
1.8.4 |
5/22/2020 |
Precision 7540 |
1.9.0 |
5/22/2020 |
Precision 7740 |
1.9.0 |
5/22/2020 |
XPS 13 9300 |
1.0.11 |
5/22/2020 |
XPS 7390 2-in-1 |
1.4.0 |
5/22/2020 |
XPS 7590 |
1.7.0 |
5/22/2020 |
Affected products:
Dell Client Consumer and Commercial platforms (see Resolution section below for complete list of affected products)
Resolution:
The following is a list of impacted products and release dates. Dell recommends all customers update at the earliest opportunity.
We recommend customers follow security best practices and prevent unauthorized physical access to devices. Customers should ensure that OS protections are utilized, including OS Administrator password protections and OS login password to help prevent unauthorized access to the OS and the manageability interface.
Please visit the Drivers and Downloads site for updates on the applicable products. Note, the following list of impacted products with released BIOS updates are linked. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.
Customers may use one of the Download notification applications to be notified and download driver, BIOS and firmware updates automatically once available.
Notes:
Dell Client Consumer and Commercial Platforms Affected
The following is a list of impacted products and release dates:
Product |
Update BIOS Version |
Release Date (MM/DD/YYYY) |
---|---|---|
Latitude 5300 |
1.9.4 |
5/22/2020 |
Latitude 5300 2-IN-1 |
1.9.4 |
5/22/2020 |
Latitude 5400 |
1.7.4 |
5/22/2020 |
Latitude 5401 |
1.8.4 |
5/22/2020 |
Latitude 5500 |
1.7.4 |
5/22/2020 |
Latitude 5501 |
1.8.4 |
5/22/2020 |
Latitude 7200 2 in 1 |
1.8.0 |
5/22/2020 |
Latitude 7220 / 7220EX Rugged Extreme Tablet |
1.6.0 |
5/26/2020 |
Latitude 7300 |
1.7.4 |
5/22/2020 |
Latitude 7400 |
1.7.4 |
5/22/2020 |
Precision 3540 |
1.7.4 |
5/22/2020 |
Precision 3541 |
1.8.4 |
5/22/2020 |
Precision 7540 |
1.9.0 |
5/22/2020 |
Precision 7740 |
1.9.0 |
5/22/2020 |
XPS 13 9300 |
1.0.11 |
5/22/2020 |
XPS 7390 2-in-1 |
1.4.0 |
5/22/2020 |
XPS 7590 |
1.7.0 |
5/22/2020 |
Latitude, XPS
10 nov 2021
6
Dell Security Advisory