CVE-2020-5324 — Uncontrolled Search Path Element in Dell G3 15 3590 Firmware

CWE-427 — Uncontrolled Search Path Element CWE-59 — Link Following3 documents3 sources

Severity

4.4MEDIUMNVD

CNA7.1

EPSS

0.1%

top 72.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

114

Dell G3 15 3590 Firmware Dell G3 3579 Firmware Dell G3 3779 Firmware +111 more

Timeline

PublishedFeb 21

Latest updateMay 24

Description

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update u…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages114 packages

▶CVEListV5dell/dell_client_consumer_and_commercial_platformshttps://www.dell.com/support/article/SLN320348

▶NVDdell/wyse_5070_thin_client_firmware< 1.4.2

▶NVDdell/g3_3579_firmware< 1.11.0

▶NVDdell/g3_3779_firmware< 1.11.0

▶NVDdell/g5_5090_firmware< 1.1.2

🔴Vulnerability Details

GHSA

GHSA-h3cp-w4mh-hq4h: Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability↗2022-05-24

▶

CVEList

CVE-2020-5324: Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability↗2020-02-21

▶