Article Number: 000128296


DSA-2020-029: Dell Firmware Update Utility Arbitrary File Overwrite Vulnerability

Summary: Dell Firmware Update Utility has been updated to address an arbitrary file overwrite vulnerability.

Article Content


Impact

High

Details

  • Arbitrary File Overwrite Vulnerability (CVE-2020-5324)

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the time window during which the Dell Firmware Update Utility is being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:

Dell Client Consumer and Commercial Platforms (see Resolution section below for complete list of affected products)
 

Resolution:

Customers should use the latest releases available from Dell support when updating their systems. Customers do not need to download and rerun update packages if the system is already running the latest BIOS, firmware, or driver content.

Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).

Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Notes:
  • Prior to installing the update, please ensure Windows Updates are up to date.
  • The dates listed are estimated availability dates and are subject to change without notice.
  • The platform list for Dell Client products will be updated periodically. Please check back frequently for the most up-to-date information.
  • Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.
  • Release dates below are in US format of MM/DD/YYYY.
  • Expected release dates are in the Month YYYY format.

Dell Client Consumer and Commercial Products Affected

The following is a list of impacted products and expected release dates:

| Product | Update BIOS Version (or greater) | Release Date (MM/DD/YYYY) / Expected Release (Month/YYYY) |
|---|---|---|
| Dell G3 15 3590 | 1.9.2 | 2/17/2020 |
| Dell G3 3579 | 1.11.0 | 1/6/2020 |
| Dell G3 3779 | 1.11.0 | 1/6/2020 |
| Dell G5 15 5590 | 1.11.1 | 11/27/2019 |
| Dell G5 5090 | 1.1.2 | 12/3/2019 |
| Dell G5 5587 | 1.12.2 | 2/10/2020 |
| Dell G7 15 7590 | 1.11.1 | 11/27/2019 |
| Dell G7 17 7790 | 1.11.1 | 11/27/2019 |
| Dell G7 7588 | 1.12.2 | 2/10/2020 |
| Inspiron 14 5490 | 1.4.0 | 12/11/2019 |
| Inspiron 3480 | 1.7.0 | 12/18/2019 |
| Inspiron 3481 | 1.6.0 | 12/18/2019 |
| Inspiron 3490 | 1.5.0 | 12/19/2019 |
| Inspiron 3493 | 1.4.0 | 12/19/2019 |
| Inspiron 3580 | 1.7.0 | 12/18/2019 |
| Inspiron 3581 | 1.6.0 | 12/18/2019 |
| Inspiron 3583 | 1.7.0 | 12/18/2019 |
| Inspiron 3584 | 1.6.0 | 12/18/2019 |
| Inspiron 3590 | 1.5.0 | 12/19/2019 |
| Inspiron 3593 | 1.4.0 | 12/19/2019 |
| Inspiron 3780 | 1.7.0 | 12/18/2019 |
| Inspiron 3781 | 1.6.0 | 12/18/2019 |
| Inspiron 3790 | 1.5.0 | 12/19/2019 |
| Inspiron 3793 | 1.4.0 | 12/19/2019 |
| Inspiron 5390 | 1.7.1 | 1/7/2020 |
| Inspiron 5391 | 1.3.0 | 12/12/2019 |
| Inspiron 5480 | 2.6.1 | 3/18/2020 |
| Inspiron 5481 | 2.6.1 | 3/18/2020 |
| Inspiron 5482 | 2.6.1 | 3/18/2020 |
| Inspiron 5491 2-in-1 | 1.4.0 | 12/11/2019 |
| Inspiron 5493 | 1.4.0 | 12/19/2019 |
| Inspiron 5494 | 1.5.0 | 12/19/2019 |
| Inspiron 5498 | 1.4.0 | 12/11/2019 |
| Inspiron 5580 | 2.6.1 | 3/18/2020 |
| Inspiron 5582 | 2.6.1 | 3/18/2020 |
| Inspiron 5583 | 1.9.1 | 1/7/2020 |
| Inspiron 5584 | 1.9.1 | 1/7/2020 |
| Inspiron 5590 | 1.4.0 | 12/11/2019 |
| Inspiron 5591 2-in-1 | 1.4.0 | 12/11/2019 |
| Inspiron 5593 | 1.4.0 | 12/19/2019 |
| Inspiron 5594 | 1.5.0 | 12/19/2019 |
| Inspiron 5598 | 1.4.0 | 12/11/2019 |
| Inspiron 7380 | 1.10.0 | 4/14/2020 |
| Inspiron 7386 | 1.7.1 | 3/19/2020 |
| Inspiron 7390 2n1 | 1.7.1 | 1/16/2020 |
| Inspiron 7391 | 1.3.0 | 12/12/2019 |
| Inspiron 7391 2-in-1 | 1.3.1 | 12/3/2019 |
| Inspiron 7490 | 1.2.1 | 11/26/2019 |
| Inspiron 7580 | 1.10.0 | 4/14/2020 |
| Inspiron 7586 | 1.7.1 | 3/19/2020 |
| Inspiron 7590 | 1.5.1 | 11/27/2019 |
| Inspiron 7590 2n1 | 1.7.1 | 1/16/2020 |
| Inspiron 7591 | 1.5.1 | 11/27/2019 |
| Inspiron 7591 2 in 1 | 1.3.1 | 12/3/2019 |
| Inspiron 7786 | 1.7.1 | 3/19/2020 |
| Inspiron 7791 2-in-1 | 1.3.1 | 12/3/2019 |
| Latitude 3300 | 1.7.2 | 1/6/2020 |
| Latitude 3301 | 1.7.0 | 12/6/2019 |
| Latitude 3390 2-in-1 | 1.12.2 | 2/18/2020 |
| Latitude 3400 | 1.9.2 | 12/11/2019 |
| Latitude 3490 | 1.11.0 | 3/13/2020 |
| Latitude 3500 | 1.9.2 | 12/11/2019 |
| Latitude 3590 | 1.11.0 | 3/13/2020 |
| Latitude 5290 | 1.12.1 | 12/19/2019 |
| Latitude 5290 2-in-1 | 1.11.2 | 12/5/2019 |
| Latitude 5300 | 1.7.2 | 12/18/2019 |
| Latitude 5300 2-IN-1 | 1.7.2 | 12/18/2019 |
| Latitude 5400 | 1.6.3 | 12/28/2019 |
| Latitude 5401 | 1.6.1 | 12/11/2019 |
| Latitude 5420 Rugged | 1.8.5 | 1/31/2020 |
| Latitude 5424 Rugged | 1.8.5 | 1/31/2020 |
| Latitude 5490 | 1.12.1 | 12/19/2019 |
| Latitude 5491 | 1.11.1 | 12/17/2019 |
| Latitude 5500 | 1.6.3 | 12/28/2019 |
| Latitude 5501 | 1.6.1 | 12/11/2019 |
| Latitude 5590 | 1.12.1 | 12/19/2019 |
| Latitude 5591 | 1.11.1 | 12/17/2019 |
| Latitude 7200 2 in 1 | 1.6.2 | 12/19/2019 |
| Latitude 7220 Rugged Extreme Tablet / Latitude 7220EX Rugged Extreme Tablet | 1.3.1 | 12/6/2019 |
| Latitude 7290 | 1.13.1 | 12/4/2019 |
| Latitude 7300 | 1.6.1 | 12/20/2019 |
| Latitude 7390 | 1.13.1 | 12/4/2019 |
| Latitude 7390 2-in-1 | 1.12.1 | 11/26/2019 |
| Latitude 7400 | 1.6.1 | 12/20/2019 |
| Latitude 7400 2-in-1 | 1.6.0 | 12/20/2019 |
| Latitude 7424 Rugged Extreme | 1.8.5 | 1/31/2020 |
| Latitude 7490 | 1.13.1 | 12/4/2019 |
| Precision 3530 | 1.11.1 | 12/17/2019 |
| Precision 3540 | 1.6.3 | 12/28/2019 |
| Precision 3541 | 1.6.1 | 12/11/2019 |
| Precision 5530 | 1.14.0 | 12/3/2019 |
| Precision 5540 | 1.4.0 | 12/4/2019 |
| Precision 7530 | 1.12.1 | 12/9/2019 |
| Precision 7540 | 1.5.1 | 12/16/2019 |
| Precision 7730 | 1.12.1 | 12/9/2019 |
| Precision 7740 | 1.5.1 | 12/16/2019 |
| Vostro 15 7580 | 1.12.2 | 2/10/2020 |
| Vostro 3480 | 1.7.0 | 12/18/2019 |
| Vostro 3481 | 1.6.0 | 12/18/2019 |
| Vostro 3490 | 1.5.0 | 12/19/2019 |
| Vostro 3580 | 1.7.0 | 12/18/2019 |
| Vostro 3581 | 1.6.0 | 12/18/2019 |
| Vostro 3583 | 1.7.0 | 12/18/2019 |
| Vostro 3584 | 1.6.0 | 12/18/2019 |
| Vostro 3590 | 1.5.0 | 12/19/2019 |
| Vostro 5390 | 1.7.1 | 1/7/2020 |
| Vostro 5391 | 1.3.0 | 12/12/2019 |
| Vostro 5481 | 2.6.1 | 3/18/2020 |
| Vostro 5490 | 1.4.0 | 12/11/2019 |
| Vostro 5581 | 2.6.1 | 3/18/2020 |
| Vostro 5590 | 1.4.0 | 12/11/2019 |
| Vostro 7590 | 1.5.1 | 11/27/2019 |
| Wyse 5070 Thin Client | 1.4.2 | 12/18/2019 |
| Wyse 5470 | 1.2.1 | 1/10/2020 |
| Wyse 5470 All-In-One | 1.3.1 | 1/10/2020 |
| XPS 13 (9380) | 1.9.1 | 1/6/2020 |
| XPS 15 (9575) 2-in-1 | 1.10.0 | 1/21/2020 |
| XPS 15 7590 | 1.4.0 | 12/5/2019 |
| XPS 15 9570 | 1.14.0 | 12/3/2019 |
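
The "at and above these versions" rule from the notes can be checked across a fleet by comparing each machine's installed BIOS version with the table numerically, field by field, because a plain string comparison ranks 1.9.2 above 1.11.0. The sketch below is an added example, not Dell code: the `FIXED` map copies only four rows of the table, the inventory CSV (hostnames, installed versions, column names) is constructed, and it assumes the inventory reports model names exactly as the advisory spells them.

```python
import csv
import io

# Minimum fixed BIOS versions, copied from four rows of the advisory table.
# Extend this map with the remaining rows before using it on a real fleet.
FIXED = {
    "Latitude 7490": "1.13.1",
    "XPS 15 9570": "1.14.0",
    "Dell G3 15 3590": "1.9.2",
    "Inspiron 5580": "2.6.1",
}

# Constructed inventory export; hostnames and installed versions are made up.
INVENTORY_CSV = """hostname,model,bios_version
lab-01,Latitude 7490,1.9.1
lab-02,Latitude 7490,1.13.1
lab-03,XPS 15 9570,1.15.0
lab-04,Dell G3 15 3590,1.10.0
lab-05,Inspiron 5580,A07
lab-06,OptiPlex 7070,1.2.0
"""

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, installed):
    """Compare one machine against the advisory's minimum fixed version."""
    fixed = FIXED.get(model.strip())
    if fixed is None:
        return "not-listed"        # model is absent from the FIXED map
    have = parse_version(installed)
    if have is None:
        return "unknown-version"   # e.g. an 'A07'-style string; review by hand
    return "fixed" if have >= parse_version(fixed) else "needs-update"

def audit(csv_text):
    """Map hostname -> status for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: classify(r["model"], r["bios_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(INVENTORY_CSV).items():
        print(f"{host}: {status}")
```

A "not-listed" result only means the model is missing from the copied subset of rows, not that the platform is unaffected.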

Acknowledgements

Dell would like to thank Eran Shimony for reporting this vulnerability.

Article Properties


Affected Product

G Series, Inspiron, Latitude, Vostro, XPS, Product Security Information

Last Published Date

21 Feb 2021

Version

5

Article Type

Dell Security Advisory