Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000133460

DSA-2020-035: Dell Client Authentication Bypass Vulnerability

Summary: Dell Client platforms require an update to address a BIOS Setup configuration authentication bypass vulnerability.

Article Content

Impact

Medium

Details

  • Authentication Bypass Vulnerability
CVE-2020-5326

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the preboot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system may potentially perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the preboot iRST Manager.

6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H  This hyperlink is taking you to a website outside of Dell Technologies.
  • Authentication Bypass Vulnerability
CVE-2020-5326

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the preboot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system may potentially perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the preboot iRST Manager.

6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H  This hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Information

Article Properties

Affected Product
Dell Embedded Box PC 5000, Dell G3 3579, Dell G3 15 3590, Dell G5 15 5587, Dell G5 15 5590, Dell G7 15 7588, Dell G7 15 7590, Dell G3 3779, Dell G7 17 7790, Inspiron 5370, Inspiron 7380, Inspiron 7386 2-in-1, Inspiron 3480, Inspiron 3481 , Inspiron 5480, Inspiron 5481 2-in-1, Inspiron 5482 2-in-1, Inspiron 5488, Inspiron 14 Gaming 7466, Inspiron 14 Gaming 7467, Inspiron 7472, Inspiron 3580, Inspiron 3581, Inspiron 3583, Inspiron 3584, Inspiron 5570, Inspiron 5580, Inspiron 15 Gaming 7566, Inspiron 15 Gaming 7567, Inspiron 15 7572, Inspiron 15 Gaming 7577, Inspiron 7580, Inspiron 7586 2-in-1, Inspiron 7590, Inspiron 7591, Inspiron 3780, Inspiron 3781, Inspiron 5770, Inspiron 7786 2-in-1, Inspiron 3470, Inspiron 3670, Latitude 5289 2-in-1, Latitude 5290, Latitude 7212 Rugged Extreme Tablet, Latitude 7214 Rugged Extreme, Latitude 7280, Latitude 7285 2-in-1, Latitude 7290, Latitude 3300, Latitude 5300 2-in-1, Latitude 5300, Latitude 7300, Latitude 7370, Latitude 7380, Latitude 7389 2-in-1, Latitude 7390 2-in-1, Latitude 7390, Latitude 3490, Latitude 5400, Latitude 5401, Latitude 5420 Rugged, Latitude 5424 Rugged, Latitude 5490, Latitude 5491, Latitude 7400 2-in-1, Latitude 7400, Latitude 7414 Rugged, Latitude 7424 Rugged Extreme, Latitude 7480, Latitude 7490, Latitude 3590, Latitude 5500, Latitude 5501, Latitude 5580, Latitude 5590, Latitude 5591, Latitude 5175 2-in-1, Latitude 5179 2-in-1, Latitude 7202 Rugged Tablet, Latitude 7275, Latitude E5270, Latitude E5470, Latitude E5570, Latitude E7270, Latitude E7470, OptiPlex 3040 Tower, OptiPlex 3046 Tower, OptiPlex 3050 All-In-One, OptiPlex 3050 Tower, OptiPlex 3060 Tower, OptiPlex 3070 Tower, OptiPlex 3240 All-in-One, OptiPlex 5040 Tower, OptiPlex 5050 Tower, OptiPlex 5060 Tower, OptiPlex 5070 Tower, OptiPlex 5250 All-In-One, OptiPlex 5260 All-In-One, OptiPlex 5270 All-In-One, OptiPlex 7040 Tower, OptiPlex 7050 Tower, OptiPlex 7060 Tower, OptiPlex 7070 Tower, OptiPlex 7440 All-In-One, OptiPlex 7450 All-In-One, OptiPlex 7460 All-In-One, OptiPlex 7470 All-In-One, OptiPlex 7760 All-In-One, OptiPlex 7770 All-In-One, Optiplex XE3, Precision 3520, Precision 3530, Precision 3540, Precision 3541, Precision 5520, Precision 5530 2 in 1, Precision 5530, Precision 7520, Precision 7530, Precision 7540, Precision 7720, Precision 7730, Precision 7740, Precision 3430 Small Form Factor, Precision 3431, Precision 3630 Tower, Precision 3930 Rack, Precision 5720 AIO, Precision 5820 Tower, Precision 7820 Tower, Precision 7920 Tower, Precision 3510, Precision 5510, Precision 7510, Precision 7710, Dell Precision Tower 3420, Dell Precision Tower 3620, Precision Tower 5810, Dell Precision Tower 7810, Precision Tower 7910, Vostro 5370, Vostro 3480, Vostro 3481, Vostro 5471, Vostro 5481, Vostro 3580, Vostro 3581, Vostro 3583, Vostro 3584, Vostro 5581, Vostro 15 7570, Vostro 15 7580, Vostro 7590, Vostro 3070, Vostro 3470, Vostro 3670, Latitude E7270 mobile thin client, Latitude 3460 mobile thin client, Latitude 3480 mobile thin client, Wyse 5070 Thin Client, Latitude 5280 mobile thin client, Wyse 7040 Thin Client, XPS 12 9250, XPS 13 9343, XPS 13 9350, XPS 13 9360, XPS 13 9380, XPS 15 9550, XPS 15 9560, XPS 15 9570, XPS 15 9575 2-in-1, XPS 27 7760, XPS 8900 ...
Product

Product Security Information

Last Published Date

09 Mar 2023

Article Type

Dell Security Advisory

Back to Top