Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

DSA-2020-121: Dell Client Platform Security Update for BIOS Admin Password Change Verification Bypass Vulnerability

Summary: Dell Client Consumer and Commercial platforms require a security update to address a BIOS Admin password change verification bypass vulnerability.

This article applies to   This article does not apply to 
Check out resources for

Impact

High

Details

  • Admin Password Change Verification Bypass Vulnerability

CVE-2020-5363

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

  • Admin Password Change Verification Bypass Vulnerability

CVE-2020-5363

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

Affected products:

Dell Client Consumer and Commercial platforms (see Resolution section below for complete list of affected products)

Resolution:

The following is a list of impacted products and release dates. Dell recommends all customers update at the earliest opportunity.

We recommend customers follow security best practices and prevent unauthorized physical access to devices. Customers should ensure that OS protections are utilized, including OS Administrator password protections and OS login password to help prevent unauthorized access to the OS and the manageability interface. 

Please visit the Drivers and Downloads site for updates on the applicable products. Note, the following list of impacted products with released BIOS updates are linked. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Download notification applications to be notified and download driver, BIOS and firmware updates automatically once available.

SLN321604_en_US__1icon Notes:

  • Prior to installing the update, please ensure Windows Updates are current
  • The dates listed are estimated availability dates and are subject to change without notice.
  • The platform list for Dell Client products will be updated periodically. Please check back frequently for the most up-to-date information.
  • Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.
  • Release dates below are in US format of MM/DD/YYYY.

Dell Client Consumer and Commercial Platforms Affected

The following is a list of impacted products and release dates:

Product

Update BIOS Version
(or greater)

Release Date (MM/DD/YYYY)

Latitude 5300

1.9.4

5/22/2020

Latitude 5300 2-IN-1

1.9.4

5/22/2020

Latitude 5400

1.7.4

5/22/2020

Latitude 5401

1.8.4

5/22/2020

Latitude 5500

1.7.4

5/22/2020

Latitude 5501

1.8.4

5/22/2020

Latitude 7200 2 in 1

1.8.0

5/22/2020

Latitude 7220 / 7220EX Rugged Extreme Tablet

1.6.0

5/26/2020

Latitude 7300

1.7.4

5/22/2020

Latitude 7400

1.7.4

5/22/2020

Precision 3540

1.7.4

5/22/2020

Precision 3541

1.8.4

5/22/2020

Precision 7540

1.9.0

5/22/2020

Precision 7740

1.9.0

5/22/2020

XPS 13 9300

1.0.11

5/22/2020

XPS 7390 2-in-1

1.4.0

5/22/2020

XPS 7590

1.7.0

5/22/2020

Affected products:

Dell Client Consumer and Commercial platforms (see Resolution section below for complete list of affected products)

Resolution:

The following is a list of impacted products and release dates. Dell recommends all customers update at the earliest opportunity.

We recommend customers follow security best practices and prevent unauthorized physical access to devices. Customers should ensure that OS protections are utilized, including OS Administrator password protections and OS login password to help prevent unauthorized access to the OS and the manageability interface. 

Please visit the Drivers and Downloads site for updates on the applicable products. Note, the following list of impacted products with released BIOS updates are linked. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Download notification applications to be notified and download driver, BIOS and firmware updates automatically once available.

SLN321604_en_US__1icon Notes:

  • Prior to installing the update, please ensure Windows Updates are current
  • The dates listed are estimated availability dates and are subject to change without notice.
  • The platform list for Dell Client products will be updated periodically. Please check back frequently for the most up-to-date information.
  • Update versions in the table below are the first releases with the updates to address the security vulnerabilities. Releases at and above these versions will include the security updates.
  • Release dates below are in US format of MM/DD/YYYY.

Dell Client Consumer and Commercial Platforms Affected

The following is a list of impacted products and release dates:

Product

Update BIOS Version
(or greater)

Release Date (MM/DD/YYYY)

Latitude 5300

1.9.4

5/22/2020

Latitude 5300 2-IN-1

1.9.4

5/22/2020

Latitude 5400

1.7.4

5/22/2020

Latitude 5401

1.8.4

5/22/2020

Latitude 5500

1.7.4

5/22/2020

Latitude 5501

1.8.4

5/22/2020

Latitude 7200 2 in 1

1.8.0

5/22/2020

Latitude 7220 / 7220EX Rugged Extreme Tablet

1.6.0

5/26/2020

Latitude 7300

1.7.4

5/22/2020

Latitude 7400

1.7.4

5/22/2020

Precision 3540

1.7.4

5/22/2020

Precision 3541

1.8.4

5/22/2020

Precision 7540

1.9.0

5/22/2020

Precision 7740

1.9.0

5/22/2020

XPS 13 9300

1.0.11

5/22/2020

XPS 7390 2-in-1

1.4.0

5/22/2020

XPS 7590

1.7.0

5/22/2020

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Products

Latitude, XPS
Article Properties
Article Number: 000130081
Article Type: Dell Security Advisory
Last Modified: 10 Nov 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.
Article Properties
Article Number: 000130081
Article Type: Dell Security Advisory
Last Modified: 10 Nov 2021
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.