VAR-202101-1141
Vulnerability from variot - Updated: 2023-12-18 13:37Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication. Dell BIOS Contains a vulnerability in the password management function.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell Client Commercial and Dell Consumer are a series of workstation equipment from Dell in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1141",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cpg bios",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "*"
},
{
"model": "bios",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"db": "NVD",
"id": "CVE-2020-5361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5361"
}
]
},
"cve": "CVE-2020-5361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2020-5361",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-183486",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.9,
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-5361",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-5361",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2020-5361",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-103",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-183486",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183486"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"db": "NVD",
"id": "CVE-2020-5361"
},
{
"db": "NVD",
"id": "CVE-2020-5361"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-103"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication. Dell BIOS Contains a vulnerability in the password management function.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell Client Commercial and Dell Consumer are a series of workstation equipment from Dell in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5361"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"db": "VULHUB",
"id": "VHN-183486"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5361",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015521",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202101-103",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-183486",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183486"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"db": "NVD",
"id": "CVE-2020-5361"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-103"
}
]
},
"id": "VAR-202101-1141",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-183486"
}
],
"trust": 0.54285715
},
"last_update_date": "2023-12-18T13:37:34.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2020-119",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/ja-jp/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability"
},
{
"title": "Dell Client Commercial and Consumer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138357"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-103"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-640",
"trust": 1.1
},
{
"problemtype": "Weak password recovery mechanism when you forget your password (CWE-640) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183486"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"db": "NVD",
"id": "CVE-2020-5361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5361"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-183486"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"db": "NVD",
"id": "CVE-2020-5361"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-103"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-183486"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"db": "NVD",
"id": "CVE-2020-5361"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-103"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-183486"
},
{
"date": "2021-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"date": "2021-01-04T22:15:13.950000",
"db": "NVD",
"id": "CVE-2020-5361"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-103"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-29T00:00:00",
"db": "VULHUB",
"id": "VHN-183486"
},
{
"date": "2021-09-30T08:58:00",
"db": "JVNDB",
"id": "JVNDB-2020-015521"
},
{
"date": "2021-01-29T17:35:22.403000",
"db": "NVD",
"id": "CVE-2020-5361"
},
{
"date": "2021-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-103"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0BIOS\u00a0 Vulnerability in password management function",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015521"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-103"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…