High
CVE-2020-5357
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.
CVSS Base Score: 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
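The vulnerability class the advisory describes, shown as an added example that is not Dell's code and does not reflect the real utility's file layout: a privileged updater writes a scratch file to a predictable path in a directory that a low-privileged user can also write to; the attacker pre-creates that path as a symbolic link to a protected file, and the administrator's write follows the link and overwrites the target. The hardened writer beside it is the check a practitioner wants in any updater that runs with elevated rights. The `shared`/`protected` directories, `important.cfg` and the `dock_update.log` scratch name are all constructed for the demo.

```python
import os
import shutil
import stat
import tempfile


def vulnerable_write(path: str, data: bytes) -> None:
    """Write the way a naive updater does: open() follows symbolic links.

    If a low-privileged user pre-created `path` as a link pointing at a
    protected file, an administrator running this clobbers that file.
    """
    with open(path, "wb") as f:
        f.write(data)


def hardened_write(path: str, data: bytes) -> None:
    """Create a fresh file at `path`, refusing links and pre-existing files.

    O_CREAT|O_EXCL fails if anything already exists at the final path
    component, including a symbolic link, whatever it points to; O_NOFOLLOW
    (POSIX) additionally refuses to traverse a link there. The fstat check
    confirms the descriptor is a regular file before any bytes are written.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError(f"{path} is not a regular file")
        os.write(fd, data)
    finally:
        os.close(fd)


def demo() -> dict:
    """Plant a symlink as a low-privileged user would, then run both writers.

    Every path is constructed inside a throw-away directory (hypothetical
    layout, not the real utility's).
    """
    workdir = tempfile.mkdtemp(prefix="symlink-demo-")
    try:
        shared = os.path.join(workdir, "shared")        # stands in for a world-writable dir
        protected = os.path.join(workdir, "protected")  # stands in for an admin-only dir
        os.makedirs(shared)
        os.makedirs(protected)
        target = os.path.join(protected, "important.cfg")
        with open(target, "w") as f:
            f.write("original")

        # Attacker step: pre-create the predictable path the updater will write to.
        planted = os.path.join(shared, "dock_update.log")
        os.symlink(target, planted)

        # Administrator runs the vulnerable updater: the write follows the link.
        vulnerable_write(planted, b"attacker-controlled")
        with open(target) as f:
            after_vulnerable = f.read()

        # Restore the target and run the hardened updater against the same link.
        with open(target, "w") as f:
            f.write("original")
        hardened_refused = False
        try:
            hardened_write(planted, b"attacker-controlled")
        except OSError:
            hardened_refused = True
        with open(target) as f:
            after_hardened = f.read()

        return {
            "after_vulnerable": after_vulnerable,   # "attacker-controlled"
            "hardened_refused": hardened_refused,   # True
            "after_hardened": after_hardened,       # "original"
        }
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The `O_EXCL` refusal is the minimum; the stronger fix is to never write to a location another user can pre-populate, i.e. create a private working directory with restrictive permissions from inside the elevated process and place scratch files only there. On Windows, where these utilities run, the analogous checks are `CreateFile` with the `CREATE_NEW` disposition and `FILE_FLAG_OPEN_REPARSE_POINT` so that a planted reparse point is opened rather than followed, combined with a per-process directory carrying a tight DACL instead of a shared temp path.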
Affected products:
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations (see Resolution section below for complete list of affected products)
Remediation:
Customers should use the latest releases available from Dell support when updating their systems. Customers do not need to download and rerun update packages if the system is already running the latest BIOS, firmware or driver content.
Dell recommends that customers follow security best practices for malware protection and use security software to help protect against malware (e.g., advanced threat prevention software or anti-virus).
Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.
Notes: Dell Client Consumer and Commercial Products Affected
The following is a list of impacted products:
Product | Update firmware Version | Release Date (MM/DD/YYYY)
---|---|---
 | 1.0.8 | 5/8/2020
 | 1.0.14 | 5/22/2020
 | 1.0.4 | 5/8/2020
 | 1.0.10 | 5/8/2020
Dell would like to thank Eran Shimony for reporting this vulnerability.