DSA-2020-108: Dell Dock Firmware Update Utilities Arbitrary File Overwrite Vulnerability

Summary: Dell Dock Firmware Update Utilities has been updated to address an arbitrary file overwrite vulnerability.


Impact

High

Details

  • Arbitrary File Overwrite Vulnerability

CVE-2020-5357

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

CVSS Base Score: 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)


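Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores, which may impact the potential severity associated with a particular security vulnerability.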

Affected Products and Remediation

Affected products:

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations (see Resolution section below for complete list of affected products)

Remediation:

Customers should use the latest releases available from Dell support when updating their systems. Customers do not need to download and rerun update packages if the system is already running the latest BIOS, firmware or driver content.

Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).

Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Notes:
  • Prior to installing the update, please ensure Windows Updates are up to date.
  • The dates listed are subject to change without notice.
  • The platform list for Dell Client products will be updated periodically. Please check back frequently for the most up-to-date information.
  • Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.
  • Release dates below are in U.S. format of MM/DD/YYYY.
  • Expected release dates are in the Month YYYY format.

Dell Client Consumer and Commercial Products Affected

The following is a list of impacted products:

| Product | Update Firmware Version (or greater) | Release Date (MM/DD/YYYY) / Expected Release (Month/YYYY) |
|---|---|---|
| Dell Dock WD15 | 1.0.8 | 5/8/2020 |
| Dell Dock WD19 | 1.0.14 | 5/22/2020 |
| Dell Thunderbolt Dock TB16 | 1.0.4 | 5/8/2020 |
| Thunderbolt Dock - TB18DC | 1.0.10 | 5/8/2020 |


Acknowledgements

Dell would like to thank Eran Shimony for reporting this vulnerability.

Related Information

Affected Products

Dell Dock WD15, Dell Dock with Monitor Stand DS1000, Dell Dock WD19

Article Properties
Article Number: 000130238
Article Type: Dell Security Advisory
Last Modified: 18 Aug 2025