CVE-2020-5326Missing Authentication for Critical Function in Dell Chengming 3980 Firmware

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
5.3MEDIUMNVD
CNA6.1
EPSS
0.1%
top 82.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
175
Dell Chengming 3980 FirmwareDell Embedded BOX PC 5000 FirmwareDell G3 3579 Firmware+172 more
Timeline
PublishedFeb 21
Latest updateMay 24

Description

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 0.9 | Impact: 4.0

Affected Packages175 packages

CVEListV5dell/dell_client_consumer_and_commercial_platformshttps://www.dell.com/support/article/SLN320337
NVDdell/g3_3579_firmware< 1.10.0
NVDdell/g3_3779_firmware< 1.10.0
NVDdell/g5_5587_firmware< 1.11.1

🔴Vulnerability Details

2
GHSA
GHSA-54w5-fqwp-fvm2: Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Tec2022-05-24
CVEList
CVE-2020-5326: Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Tec2020-02-21
CVE-2020-5326 — Dell vulnerability | cvebase