CVE-2020-5361Weak Password Recovery Mechanism for Forgotten Password in Dell CPG Bios

CWE-640Weak Password Recovery Mechanism for Forgotten PasswordCWE-457Use of Uninitialized Variable6 documents6 sources
Severity
7.6HIGHNVD
CNA5.1
EPSS
0.1%
top 83.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell CPG Bios
Timeline
PublishedJan 4
Latest updateDec 24

Description

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system coul

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages1 packages

CVEListV5dell/cpg_biosunspecifiedAll

🔴Vulnerability Details

3
OSV
wifi: mt76: mt7921e: fix rmmod crash in driver reload test2025-12-24
GHSA
GHSA-863x-vcg8-vghr: Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forg2022-05-24
CVEList
CVE-2020-5361: Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forg2021-01-04
CVE-2020-5361 — Dell CPG Bios vulnerability | cvebase