Lucene search
HistoryFeb 21, 2020 - 3:15 p.m.
CVE-2020-5324
dell
client
consumer
commercial
platforms
arbitrary file overwrite
vulnerability
symlink attack
nvd
2.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:N/I:P/A:P
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
4.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.7%
Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
Affected configurations
Node
dellg3_3579Match-
dellg3_3579_firmwareRange<1.11.0
Node
dellg3_3779Match-
dellg3_3779_firmwareRange<1.11.0
Node
dellg3_15_3590Match-
dellg3_15_3590_firmwareRange<1.9.2
Node
dellg5_15_5590Match-
dellg5_15_5590_firmwareRange<1.11.1
Node
dellg5_5090Match-
dellg5_5090_firmwareRange<1.1.2
Node
dellg5_5587Match-
dellg5_5587_firmwareRange<1.12.2
Node
dellg7_15_7590Match-
dellg7_15_7590_firmwareRange<1.11.1
Node
dellg7_17_7790Match-
dellg7_17_7790_firmwareRange<1.11.1
Node
dellg7_7588_firmwareRange<1.12.2
dellg7_7588Match-
Node
dellinspiron_14_5490_firmwareRange<1.4.0
dellinspiron_14_5490Match-
Node
dellinspiron_3480_firmwareRange<1.7.0
dellinspiron_3480Match-
Node
dellinspiron_3481_firmwareRange<1.6.0
dellinspiron_3481Match-
Node
dellinspiron_3490_firmwareRange<1.5.0
dellinspiron_3490Match-
Node
dellinspiron_3493_firmwareRange<1.4.0
dellinspiron_3493Match-
Node
dellinspiron_3580_firmwareRange<1.7.0
dellinspiron_3580Match-
Node
dellinspiron_3581_firmwareRange<1.6.0
dellinspiron_3581Match-
Node
dellinspiron_3583_firmwareRange<1.7.0
dellinspiron_3583Match-
Node
dellinspiron_3584_firmwareRange<1.6.0
dellinspiron_3584Match-
Node
dellinspiron_3590_firmwareRange<1.5.0
dellinspiron_3590Match-
Node
dellinspiron_3593_firmwareRange<1.4.0
dellinspiron_3593Match-
Node
dellinspiron_3780_firmwareRange<1.7.0
dellinspiron_3780Match-
Node
dellinspiron_3781_firmwareRange<1.6.0
dellinspiron_3781Match-
Node
dellinspiron_3790_firmwareRange<1.5.0
dellinspiron_3790Match-
Node
dellinspiron_3793_firmwareRange<1.4.0
dellinspiron_3793Match-
Node
dellinspiron_5390_firmwareRange<1.7.1
dellinspiron_5390Match-
Node
dellinspiron_5391_firmwareRange<1.3.0
dellinspiron_5391Match-
Node
dellinspiron_5480_firmwareRange<2.6.1
dellinspiron_5480Match-
Node
dellinspiron_5481_firmwareRange<2.6.1
dellinspiron_5481Match-
Node
dellinspiron_5482_firmwareRange≤2.6.1
dellinspiron_5482Match-
Node
dellinspiron_5491_firmwareRange<1.4.0
dellinspiron_5491Match-
Node
dellinspiron_5493_firmwareRange<1.4.0
dellinspiron_5493Match-
Node
dellinspiron_5494_firmwareRange<1.5.0
dellinspiron_5494Match-
Node
dellinspiron_5498_firmwareRange<1.4.0
dellinspiron_5498Match-
Node
dellinspiron_5580_firmwareRange<2.6.1
dellinspiron_5580Match-
Node
dellinspiron_5582_firmwareRange<2.6.1
dellinspiron_5582Match-
Node
dellinspiron_5583_firmwareRange<1.9.1
dellinspiron_5583Match-
Node
dellinspiron_5584_firmwareRange<1.9.1
dellinspiron_5584Match-
Node
dellinspiron_5590_firmwareRange<1.4.0
dellinspiron_5590Match-
Node
dellinspiron_5591_firmwareRange<1.4.0
dellinspiron_5591Match-
Node
dellinspiron_5593_firmwareRange<1.4.0
dellinspiron_5593Match-
Node
dellinspiron_5594_firmwareRange<1.5.0
dellinspiron_5594Match-
Node
dellinspiron_5598_firmwareRange<1.4.0
dellinspiron_5598Match-
Node
dellinspiron_7380_firmwareRange<1.10.0
dellinspiron_7380Match-
Node
dellinspiron_7386_firmwareRange<1.7.0
dellinspiron_7386Match-
Node
dellinspiron_7390_firmwareRange<1.7.1
dellinspiron_7390Match-
Node
dellinspiron_7391_firmwareRange<1.3.0
dellinspiron_7391Match-
Node
dellinspiron_7490_firmwareRange<1.2.1
dellinspiron_7490Match-
Node
dellinspiron_7580_firmwareRange<1.10.0
dellinspiron_7580Match-
Node
dellinspiron_7586_firmwareRange<1.7.0
dellinspiron_7586Match-
Node
dellinspiron_7590_firmwareRange<1.5.1
dellinspiron_7590Match-
Node
dellinspiron_7591_firmwareRange<1.5.1
dellinspiron_7591Match-
Node
dellinspiron_7786_firmwareRange<1.7.0
dellinspiron_7786Match-
Node
dellinspiron_7791_firmwareRange<1.3.1
dellinspiron_7791Match-
Node
delllatitude_3301_firmwareRange<1.7.0
delllatitude_3301Match-
Node
delllatitude_3300_firmwareRange<1.7.2
delllatitude_3300Match-
Node
delllatitude_3311_firmwareRange<1.3.0
delllatitude_3311Match-
Node
delllatitude_3390_firmwareRange<1.12.0
delllatitude_3390Match-
Node
delllatitude_3400_firmwareRange<1.9.2
delllatitude_3400Match-
Node
delllatitude_3490_firmwareRange<1.11.0
delllatitude_3490Match-
Node
delllatitude_3500_firmwareRange<1.9.2
delllatitude_3500Match-
Node
delllatitude_3590_firmwareRange<1.11.0
delllatitude_3590Match-
Node
delllatitude_5290_firmwareRange<1.12.1
delllatitude_5290Match-
Node
delllatitude_5300_firmwareRange<1.7.2
delllatitude_5300Match-
Node
delllatitude_5400_firmwareRange<1.6.3
delllatitude_5400Match-
Node
delllatitude_5401_firmwareRange<1.6.1
delllatitude_5401Match-
Node
delllatitude_5420_rugged_firmwareRange<1.8.5
delllatitude_5420_ruggedMatch-
Node
delllatitude_5424_rugged_firmwareRange<1.8.5
delllatitude_5424_ruggedMatch-
Node
delllatitude_5490_firmwareRange<1.12.1
delllatitude_5490Match-
Node
delllatitude_5491_firmwareRange<1.11.1
delllatitude_5491Match-
Node
delllatitude_5500_firmwareRange<1.6.3
delllatitude_5500Match-
Node
delllatitude_5501_firmwareRange<1.6.1
delllatitude_5501Match-
Node
delllatitude_5590_firmwareRange<1.12.1
delllatitude_5590Match-
Node
delllatitude_5591_firmwareRange<1.11.1
delllatitude_5591Match-
Node
delllatitude_7200_firmwareRange<1.6.2
delllatitude_7200Match-
Node
delllatitude_7220_rugged_extreme_tablet_firmwareRange<1.3.1
delllatitude_7220_rugged_extreme_tabletMatch-
Node
delllatitude_7220ex_rugged_extreme_tablet_firmwareRange<1.3.1
delllatitude_7220ex_rugged_extreme_tabletMatch-
Node
delllatitude_7290_firmwareRange<1.13.1
delllatitude_7290Match-
Node
delllatitude_7300_firmwareRange<1.6.1
delllatitude_7300Match-
Node
delllatitude_7390_firmwareRange<1.13.1
delllatitude_7390Match-
Node
delllatitude_7400_firmwareRange<1.6.1
delllatitude_7400Match-
Node
delllatitude_7424_rugged_extreme_firmwareRange<1.8.5
delllatitude_7424_rugged_extremeMatch-
Node
delllatitude_7490_firmwareRange<1.13.1
delllatitude_7490Match-
Node
dellprecision_3530_firmwareRange<1.11.1
dellprecision_3530Match-
Node
dellprecision_3540_firmwareRange<1.6.3
dellprecision_3540Match-
Node
dellprecision_3541_firmwareRange<1.6.1
dellprecision_3541Match-
Node
dellprecision_5530_firmwareRange<1.14.0
dellprecision_5530Match-
Node
dellprecision_5540_firmwareRange<1.6.3
dellprecision_5540Match-
Node
dellprecision_7530_firmwareRange<1.12.1
dellprecision_7530Match-
Node
dellprecision_7540_firmwareRange<1.5.1
dellprecision_7540Match-
Node
dellprecision_7730_firmwareRange<1.12.1
dellprecision_7730Match-
Node
dellprecision_7740_firmwareRange<1.5.1
dellprecision_7740Match-
Node
dellvostro_15_7580_firmwareRange<1.12.2
dellvostro_15_7580Match-
Node
dellvostro_3480_firmwareRange<1.7.0
dellvostro_3480Match-
Node
dellvostro_3481_firmwareRange<1.6.0
dellvostro_3481Match-
Node
dellvostro_3490_firmwareRange<1.5.0
dellvostro_3490Match-
Node
dellvostro_3580_firmwareRange<1.7.0
dellvostro_3580Match-
Node
dellvostro_3581_firmwareRange<1.6.0
dellvostro_3581Match-
Node
dellvostro_3583_firmwareRange<1.7.0
dellvostro_3583Match-
Node
dellvostro_3584_firmwareRange<1.6.0
dellvostro_3584Match-
Node
dellvostro_3590_firmwareRange<1.5.0
dellvostro_3590Match-
Node
dellvostro_5390_firmwareRange<1.7.1
dellvostro_5390Match-
Node
dellvostro_5391_firmwareRange<1.3.0
dellvostro_5391Match-
Node
dellvostro_5481_firmwareRange<2.6.1
dellvostro_5481Match-
Node
dellvostro_5490_firmwareRange<1.4.0
dellvostro_5490Match-
Node
dellvostro_5581_firmwareRange<2.6.1
dellvostro_5581Match-
Node
dellvostro_5590_firmwareRange<1.4.0
dellvostro_5590Match-
Node
dellvostro_7590_firmwareRange<1.5.1
dellvostro_7590Match-
Node
dellwyse_5070_thin_client_firmwareRange<1.4.2
dellwyse_5070_thin_clientMatch-
Node
dellwyse_5470_firmwareRange<1.2.1
dellwyse_5470Match-
Node
dellxps_13_9380Match-
dellxps_13_9380_firmwareRange<1.9.1
Node
dellxps_15_9575Match-
dellxps_15_9575_firmwareRange<1.10.0
Node
dellxps_15_7590Match-
dellxps_15_7590_firmwareRange<1.4.0
Node
dellxps_15_9570Match-
dellxps_15_9570_firmwareRange<1.14.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| dell:g3_3579_firmware | dell g3 3579 firmware | lt | 1.11.0 |
CNA Affected
[
{
"product": "Dell Client Consumer and Commercial Platforms",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "https://www.dell.com/support/article/SLN320348"
}
]
}
]References
Related
nvd
nvd
CVE-2020-5324
2020-02-21 15:15:12
prion
prion
Arbitrary file deletion
2020-02-21 15:15:00
cvelist
cvelist
CVE-2020-5324
2020-02-18 00:00:00
2.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:N/I:P/A:P
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
4.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.7%
Related for CVE-2020-5324