ByteOS Network

Type	CWE ID	Description
CWE	CWE-732	CWE-732: Incorrect Permission Assignment for Critical Resource

Version	Base score	Base severity	Vector
3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Hyperlink	Resource
https://www.dell.com/support/article/SLN321789	x_refsource_MISC

Hyperlink	Resource
https://www.dell.com/support/article/SLN321789	x_refsource_MISC x_transferred

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE ID	Type	Source
CWE-732	Primary	nvd@nist.gov
CWE-732	Secondary	security_alert@emc.com

Hyperlink	Source	Resource
https://www.dell.com/support/article/SLN321789	security_alert@emc.com	Vendor Advisory

CVE-2021-36325

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.91%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-16 Sep, 2024 | 20:31

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36323

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.91%

||

7 Day CHG~0.00%

Published-12 Nov, 2021 | 22:15

Updated-17 Sep, 2024 | 02:02

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36283

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.04% / 10.91%

||

7 Day CHG~0.00%

Published-28 Sep, 2021 | 19:20

Updated-16 Sep, 2024 | 16:58

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2021-36311

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.04% / 9.64%

||

7 Day CHG~0.00%

Published-23 Nov, 2021 | 20:00

Updated-16 Sep, 2024 | 22:09

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-285

Improper Authorization

CVE-2021-36297

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 16.28%

||

7 Day CHG~0.00%

Published-28 Sep, 2021 | 19:20

Updated-16 Sep, 2024 | 20:38

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,

Vendor-Dell Inc.

Product-supportassist_for_home_pcs SupportAssist Client Consumer

CWE ID-CWE-426

Untrusted Search Path

CVE-2023-48670

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 10.84%

||

7 Day CHG~0.00%

Published-22 Dec, 2023 | 15:57

Updated-02 Aug, 2024 | 21:37

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.

Vendor-Dell Inc.

Product-supportassist_for_home_pcs SupportAssist Client Consumer

CWE ID-CWE-426

Untrusted Search Path

CVE-2022-29092

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.16% / 36.95%

||

7 Day CHG~0.00%

Published-10 Jun, 2022 | 20:05

Updated-17 Sep, 2024 | 02:06

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs SupportAssist Consumer

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2015-0949

Matching Score-8

Assigner-CERT/CC

View Details

Matching Score-8

Assigner-CERT/CC

CVSS Score-7.8||HIGH

EPSS-0.08% / 23.55%

||

7 Day CHG~0.00%

Published-30 Jan, 2020 | 20:45

Updated-06 Aug, 2024 | 04:26

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Vendor-HP Dell Inc.HP Inc.

Product-latitude_e6430 elitebook_850_g1 latitude_e6430_firmware elitebook_850_g1_firmware Latitude E6430 EliteBook 850 G1

CWE ID-CWE-269

Improper Privilege Management

CVE-2023-4401

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.43% / 61.35%

||

7 Day CHG~0.00%

Published-05 Oct, 2023 | 17:12

Updated-19 Sep, 2024 | 18:52

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

Vendor-Dell Inc.

Product-smartfabric_storage_software Dell SmartFabric Storage Software

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21545

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.56%

||

7 Day CHG~0.00%

Published-12 Apr, 2021 | 19:50

Updated-16 Sep, 2024 | 17:44

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Vendor-Dell Inc.

Product-peripheral_manager Dell Peripheral Manager

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2021-21601

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-0.04% / 10.16%

||

7 Day CHG~0.00%

Published-10 Aug, 2021 | 19:05

Updated-17 Sep, 2024 | 03:02

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_integrated_data_protection_appliance emc_data_protection_search Data Protection Search

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21553

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.03% / 7.84%

||

7 Day CHG~0.00%

Published-02 Aug, 2021 | 23:45

Updated-17 Sep, 2024 | 03:54

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

Vendor-Dell Inc.

Product-powerscale_onefs PowerScale OneFS

CWE ID-CWE-286

Incorrect User Management

CVE-2021-21527

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6||MEDIUM

EPSS-0.05% / 16.80%

||

7 Day CHG~0.00%

Published-06 May, 2021 | 12:40

Updated-16 Sep, 2024 | 18:28

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21503

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.12% / 31.27%

||

7 Day CHG~0.00%

Published-08 Mar, 2021 | 21:44

Updated-17 Sep, 2024 | 03:43

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-21555

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.15% / 36.31%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 22:29

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21556

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.1||MEDIUM

EPSS-0.05% / 14.70%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-17 Sep, 2024 | 01:40

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-21552

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.2||MEDIUM

EPSS-0.14% / 34.60%

||

7 Day CHG~0.00%

Published-21 May, 2021 | 20:05

Updated-16 Sep, 2024 | 23:46

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Vendor-Microsoft Corporation Dell Inc.

Product-wyse_5070_thin_client wyse_5470_all-in-one_thin_client wyse_5470_thin_client windows_10 Wyse Windows Embedded (WES)

CWE ID-CWE-863

Incorrect Authorization

CVE-2021-21531

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.14% / 35.42%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 21:10

Updated-17 Sep, 2024 | 03:48

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Vendor-Dell Inc.

Product-unisphere_for_powermax_virtual_appliance unisphere_for_powermax solutions_enabler_virtual_appliance powermax_os solutions_enabler Unisphere for PowerMax

CWE ID-CWE-602

Client-Side Enforcement of Server-Side Security

CWE ID-CWE-669

Incorrect Resource Transfer Between Spheres

CVE-2021-21535

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.4||HIGH

EPSS-0.03% / 8.13%

||

7 Day CHG~0.00%

Published-30 Apr, 2021 | 17:40

Updated-16 Sep, 2024 | 23:35

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Vendor-Dell Inc.

Product-hybrid_client Dell Hybrid Client (DHC)

CWE ID-CWE-306

Missing Authentication for Critical Function

CVE-2021-21546

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 11.85%

||

7 Day CHG~0.00%

Published-29 Jul, 2021 | 15:55

Updated-16 Sep, 2024 | 23:56

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

Vendor-Dell Inc.

Product-emc_networker NetWorker

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2021-21561

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.10%

||

7 Day CHG~0.00%

Published-23 Nov, 2021 | 20:00

Updated-16 Sep, 2024 | 19:20

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

Vendor-Dell Inc.

Product-emc_powerscale_onefs PowerScale OneFS

CWE ID-CWE-532

Insertion of Sensitive Information into Log File

CVE-2023-44290

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 11.12%

||

7 Day CHG~0.00%

Published-23 Nov, 2023 | 06:46

Updated-02 Aug, 2024 | 19:59

Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Vendor-Dell Inc.

Product-command\|monitor Dell Command Monitor (DCM)

CWE ID-CWE-284

Improper Access Control

CVE-2023-44282

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 12.04%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 09:16

Updated-29 Aug, 2024 | 14:50

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Vendor-Dell Inc.

Product-repository_manager Dell Repository Manager (DRM)

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-269

Improper Privilege Management

CVE-2021-21557

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.1||HIGH

EPSS-0.04% / 11.74%

||

7 Day CHG~0.00%

Published-14 Jun, 2021 | 19:10

Updated-16 Sep, 2024 | 17:02

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-125

Out-of-bounds Read

CVE-2021-21551

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.8||HIGH

EPSS-65.23% / 98.41%

||

7 Day CHG~0.00%

Published-04 May, 2021 | 15:15

Updated-30 Jul, 2025 | 01:38

Known KEV||Action Due Date - 2022-04-21||Apply updates per vendor instructions.

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Vendor-Dell Inc.

Product-inspiron_5521 inspiron_7706_2-in-1 latitude_5520 vostro_5391 precision_5720_aio optiplex_7770_aio precision_5820_xl_tower latitude_3440 vostro_14_3458 latitude_5495 latitude_5401 latitude_e7440 xps_13_9360 inspiron_3157 optiplex_3046 latitude_12_rugged_tablet_7212 inspiron_5520 vostro_3591 inspiron_3880 vostro_3900 optiplex_7440_aio latitude_e5540 latitude_14_rugged_extreme_7414 precision_3560 precision_3420_tower wyse_5070 precision_3520 inspiron_5584 inspiron_1545 chengming_3990 latitude_e7270_wyse_tc vostro_3584 latitude_7390_2-in-1 inspiron_3168 latitude_3480 latitude_7380 inspiron_5590 vostro_260 inspiron_one_19 inspiron_7501 optiplex_7060 latitude_3310_2-in-1 latitude_3310 latitude_7400 precision_3540 vostro_14_5471 inspiron_7359 inspiron_5548 latitude_rugged_5420 inspiron_5482 alienware_asm100r2 inspiron_7391_2-in-1 latitude_12_rugged_extreme_7214 precision_m6600 vostro_5490 inspiron_5490_aio latitude_3490 inspiron_3581 precision_t7610 vostro_3800 thunderbolt_dock_tb18dc vostro_3560 precision_3550 latitude_3160 optiplex_3090_ultra latitude_e6540 inspiron_15-3552 latitude_5420 latitude_7320 inspiron_3670 xps_15_9560 inspiron_7500_2-in-1_silver inspiron_7390 optiplex_5270_aio optiplex_7460_all-in-one latitude_7290 precision_t5600 vostro_270s inspiron_5406_2-in-1 inspiron_5391 inspiron_3790 inspiron_3520 latitude_3120 inspiron_3590 inspiron_5737 latitude_e5420 xps_8700 optiplex_5250_all-in-one vostro_5390 latitude_e5570 vostro_3900g precision_3530 latitude_e5270 inspiron_5443 inspiron_7591 optiplex_7080 latitude_3560 latitude_5491 vostro_3400 optiplex_7040 dbutil precision_7520 latitude_7420 vostro_1550 inspiron_5409 inspiron_15_gaming_7566 latitude_xt3 g7_7790 vostro_15_7570 latitude_rugged_extreme_tablet_7220 latitude_3301 latitude_3410 inspiron_2330 optiplex_7071 inspiron_14_5468 inspiron_24-5475 inspiron_5481_2-in-1 precision_t7910 vostro_5480 inspiron_5498 vostro_3010 inspiron_3656 precision_t5810 inspiron_620 xps_9530 latitude_5490 vostro_7590 optiplex_5050 latitude_3470 latitude_7200_2-in-1 latitude_3480_mobile_thin_client vostro_3501 xps_8940 optiplex_fx130 precision_7920_tower g3_3500 precision_m4600 vostro_20_3052 optiplex_3011_aio optiplex latitude_e6530 latitude_e6440 vostro_3590 xps_17_9700 canvas_27 latitude_3300 precision_7550 inspiron_3252 optiplex_7760_aio inspiron_3501 latitude_3390 precision_t3500 inspiron_7537 vostro_3901 inspiron_24-3452 xps_12_9250 xps_13_9380 inspiron_7300 vostro_5301 vostro_5401 optiplex_9020 precision_7530 latitude_7285 inspiron_7490 inspiron_7548 latitude_e5470 inspiron_17_5767 chengming_3980 precision_7710 inspiron_5509 alienware_m14xr2 vostro_3481 xps_9550 latitude_5591 latitude_3330 inspiron_3481 xps_13_9305 inspiron_3780 vostro_3669 inspiron_14_gaming_7466 inspiron_5537 latitude_e6330 optiplex_3280_aio precision_3551 xps_8900 latitude_e5430 inspiron_5598 latitude_7400_2in1 vostro_3881 optiplex_7450_all-in-one inspiron_7506_2-in-1 precision_3930_xl_rack latitude_rugged_7424 inspiron_5493 inspiron_7558 latitude_5510 inspiron_5448 xps_13_9310_2-in-1 inspiron_7737 vostro_3470 inspiron_3881 vostro_7500 inspiron_5400_aio inspiron_3793 wyse_5470 vostro_3580 optiplex_5040 precision_3541 precision_5530_2-in-1 inspiron_5323 inspiron_580s precision_5510 inspiron_15_7572 inspiron_5423 precision_3510 inspiron_7437 vostro_230 vostro_2521 xps_9350 inspiron_3043 inspiron_5400_2-in-1 latitude_3500 g7_7590 latitude_e6230 inspiron_7500_2-in-1_black inspiron_15-5559 latitude_3190_2-in-1 chengming_3991 inspiron_3443 vostro_5890 g7_7700 precision_m6700 xps_13_7390_2-in-1 inspiron_3471 inspiron_17-5759 latitude_5288 latitude_3510 xps_15_9575_2-in-1 optiplex_5055 optiplex_3080 inspiron_3437 inspiron_7590_2-in-1 precision_t7810 optiplex_3030_aio wyse_7040_thin_client latitude_3450 precision_3620_tower inspiron_14_gaming_7467 inspiron_15z inspiron_5408 inspiron_20-3052 latitude_e7470 xps_13_9300 inspiron_3480 optiplex_xe3 latitude_3460_wyse_tc latitude_5300_2-in-1 vostro_3500 alienware_m15_r4 inspiron_7380 inspiron_3543 precision_3930_rack inspiron_14-5459 inspiron_5543 g3_3579 inspiron_7720 optiplex_5480_aio vostro_15_3561 vostro_3668 embedded_box_pc_5000 vostro_5581 precision_5550 vostro_5402 xps_13_9370 latitude_5280 latitude_5175 vostro_5880 vostro_5590 latitude_3150 latitude_5480 xps_13_9343 vostro_3267 xps_13_9365_2-in-1 latitude_7370 vostro_13_5370 inspiron_3580 vostro_3905 precision_t1700 g5_5090 inspiron_5583 latitude_e6220 dock_wd15 optiplex_990 inspiron_3521 inspiron_13_5370 inspiron_1210 inspiron_7591_2-in-1 inspiron_5508 optiplex_7090_ultra vostro_3252 inspiron_7559 optiplex_3010 precision_3640 latitude_e6320 inspiron_14-3452 latitude_e7270 vostro_3902 dock_wd19 latitude_5250 xps_13_7390 inspiron_5580 inspiron_3490 inspiron_7586 inspiron_3781 latitude_7280 optiplex_7020 optiplex_5055_ryzen_cpu latitude_3380 optiplex_7050 inspiron_1564 precision_7510 inspiron_3646 vostro_14-3446 precision_3440 alienware_14 latitude_7300 precision_t3610 precision_3240_cff g3_3779 precision_7820_tower latitude_rugged_5424 latitude_9510 precision_5530 precision_t7500 optiplex_3070 g5_5500 precision_7730 optiplex_xe2 inspiron_24-3455 latitude_5511 inspiron_3593 latitude_7490 latitude_e7270_mobile_thin_client optiplex_7480_aio thunderbolt_dock_tb16 latitude_5320 latitude_5580 vostro_5300 vostro_5591 latitude_5290_2-in-1 xps_27_7760 inspiron_7580 precision_5540 xps_13_9310 xps_one_2710 vostro_3660 latitude_5179 inspiron_7790 inspiron_3584 latitude_5450 vostro_3583 inspiron_3647 latitude_7210_2_in_1 inspiron_5402 latitude_3460 inspiron_3671 inspiron_3147 vostro_3471 inspiron_3542 precision_3630_tower latitude_e5530 inspiron_14_7460 alienware_m17xr4 inspiron_7746 vostro_270 inspiron_3470 inspiron_5301 vostro_3888 inspiron_660s latitude_5501 inspiron_5676 latitude_3570 vostro_15_5568 inspiron_5490 latitude_7389 precision_5820_tower vostro_3070 precision_7540 vostro_5502 inspiron_3268 inspiron_3655 inspiron_15_7560 vostro_5491 inspiron_3442 precision_m4700 inspiron_5491_aio latitude_5300 vostro_5501 inspiron_5348 latitude_7275 latitude_7390 inspiron_15_5567 precision_7920_xl_tower latitude_3580 g5_5590 inspiron_11-3162 inspiron_5494 g15_5510 latitude_5285_2-in-1 g7_7588 precision_3430_tower vostro_14-5459 vostro_20_3055 inspiron_3583 inspiron_7368 latitude_3350 inspiron_5390 optiplex_3050_aio inspiron_7472 latitude_5200 latitude_9410 inspiron_1122 chengming_3988 inspiron_3537 optiplex_9010 optiplex_fx170 inspiron_15_5566 optiplex_3050 inspiron_7500 optiplex_5080 optiplex_7010 latitude_3190 inspiron_5576 inspiron_5570 inspiron_5593 latitude_e5440 optiplex_5070 latitude_7310 optiplex_7070_ultra optiplex_780 xps_15_9570 latitude_5400 vostro_3671 latitude_7480 latitude_3400 latitude_3550 inspiron_3891 vostro_3490 optiplex_790 latitude_5285 precision_t5610 vostro_3491 latitude_7520 latitude_5550 precision_7720 precision_7750 latitude_5410 vostro_3268 vostro_3480 inspiron_7386 inspiron_7786 vostro_5090 inspiron_5480 alienware_m18xr2 latitude_14_rugged_extreme_7404 vostro_5410 vostro_3667 latitude_5280_mobile_thin_client latitude_7410 latitude_3590 optiplex_5060 inspiron_5577 latitude_7350 gaming_g3_3590 g5_5587 chengming_3977 xps_7590 vostro_470 precision_t3600 precision_7820_xl_tower inspiron_5591_2-in-1 latitude_5310_2-in-1 latitude_14_rugged_5414 inspiron_15_gaming_7577 optiplex_9030_aio inspiron_7391 chengming_3967 latitude_e7450 latitude_3340 precision_5520 inspiron_5300 precision_t7600 latitude_5290 vostro_5481 cheng_ming_3967 latitude_e7250 inspiron_15_5582_2-in-1 latitude_rugged_extreme_tablet_7220ex latitude_3180 inspiron_7590 latitude_12_7285 inspiron_15_gaming_7567 g5_5000 inspiron_5502 vostro_3890 vostro_3681 optiplex_3040 inspiron_15-5565 xps_15_9500 latitude_e7240 inspiron_7791 inspiron_660 latitude_5500 optiplex_5055_ryzen_apu alienware_asm100 optiplex_7070 optiplex_3020 vostro_3401 optiplex_5260_all-in-one precision_t5500 wyse_5470_all-in-one alienware_17_51m_r2 latitude_rugged_extreme_7424 vostro_3690 vostro_1450 inspiron_3847 precision_3431_tower inspiron_7306_2-in-1 latitude_5590 vostro_220s inspiron_one_2020 latitude_3189 latitude_e6430_atg precision_17_m5750 inspiron_7300_2-in-1 inspiron_5401 vostro_3670 precision_7740 g7_7500 inspiron_3421 latitude_e6430 latitude_5289 vostro_14_5468 optiplex_5055_a-serial optiplex_390 inspiron_5491_2-in-1 latitude_5488 vostro_3581 inspiron_7520 vostro_15_7580 optiplex_3060 inspiron_7700 inspiron_5485_2-in-1 inspiron_5770 precision_r5500 inspiron_5594 inspiron_5749 precision_3430_xl inspiron_3048 inspiron_7400 inspiron_5501 alienware_area_51 inspiron_3493 optiplex_3240_all-in-one latitude_5411 optiplex_7780_aio latitude_5310 inspiron_3668 dbutil dbutil Driver

CWE ID-CWE-782

Exposed IOCTL with Insufficient Access Control

CVE-2023-44285

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.51%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:31

Updated-02 Aug, 2024 | 19:59

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

Vendor-Dell Inc.

Product-powerprotect_data_domain powerprotect_data_protection dd9400 dp5900 apex_protection_storage powerprotect_data_domain_management_center emc_data_domain_os dd6400 dd3300 dd9900 dd6900 dp4400 PowerProtect DD

CWE ID-CWE-1220

Insufficient Granularity of Access Control

CVE-2021-21518

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.04% / 9.56%

||

7 Day CHG~0.00%

Published-12 Mar, 2021 | 20:10

Updated-16 Sep, 2024 | 19:31

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs supportassist_client_promanage Dell SupportAssist Client

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2023-44283

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.07% / 20.95%

||

7 Day CHG~0.00%

Published-14 Feb, 2024 | 07:49

Updated-17 Oct, 2024 | 14:29

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs SupportAssist for Home PCs SupportAssist for Business PCs supportassist_for_business_pcs supportassist_for_home_pcs

CWE ID-CWE-284

Improper Access Control

CVE-2023-44292

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 12.04%

||

7 Day CHG~0.00%

Published-16 Nov, 2023 | 09:22

Updated-14 Aug, 2024 | 18:08

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

Vendor-Dell Inc.

Product-repository_manager Dell Repository Manager (DRM)repository_manager

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-269

Improper Privilege Management

CVE-2023-44277

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.08% / 24.41%

||

7 Day CHG~0.00%

Published-14 Dec, 2023 | 15:05

Updated-02 Aug, 2024 | 19:59

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

Vendor-Dell Inc.

Product-powerprotect_data_domain powerprotect_data_protection dd9400 dp5900 apex_protection_storage powerprotect_data_domain_management_center emc_data_domain_os dd6400 dd3300 dd9900 dd6900 dp4400 PowerProtect DD

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-44289

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.04% / 11.12%

||

7 Day CHG~0.00%

Published-23 Nov, 2023 | 06:41

Updated-05 Jun, 2025 | 14:11

Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

Vendor-Dell Inc.

Product-command\|configure Dell Command Configure (DCC)

CWE ID-CWE-284

Improper Access Control

CVE-2023-43086

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.03% / 6.86%

||

7 Day CHG~0.00%

Published-23 Nov, 2023 | 06:27

Updated-02 Aug, 2024 | 19:37

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

Vendor-Dell Inc.

Product-command\|configure Dell Command Configure (DCC)

CWE ID-CWE-284

Improper Access Control

CVE-2023-43066

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.00% / 0.18%

||

7 Day CHG~0.00%

Published-23 Oct, 2023 | 15:00

Updated-11 Sep, 2024 | 14:06

Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.

Vendor-Dell Inc.

Product-unity_operating_environment unityvsa_operating_environment unity_xt_operating_environment Unity

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-43068

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.34% / 56.06%

||

7 Day CHG~0.00%

Published-05 Oct, 2023 | 17:16

Updated-19 Sep, 2024 | 18:51

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

Vendor-Dell Inc.

Product-smartfabric_storage_software Dell SmartFabric Storage Software

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-43072

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-4.4||MEDIUM

EPSS-0.03% / 8.22%

||

7 Day CHG~0.00%

Published-05 Oct, 2023 | 17:47

Updated-19 Sep, 2024 | 18:35

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

Vendor-Dell Inc.

Product-smartfabric_storage_software Dell SmartFabric Storage Software

CWE ID-CWE-284

Improper Access Control

CVE-2023-43069

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.08% / 25.41%

||

7 Day CHG~0.00%

Published-05 Oct, 2023 | 17:25

Updated-19 Sep, 2024 | 18:50

Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.

Vendor-Dell Inc.

Product-smartfabric_storage_software Dell SmartFabric Storage Software

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-43078

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.7||MEDIUM

EPSS-0.03% / 5.79%

||

7 Day CHG~0.00%

Published-28 Aug, 2024 | 05:33

Updated-19 Dec, 2024 | 15:53

Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.

Vendor-Dell Inc.

CWE ID-CWE-59

Improper Link Resolution Before File Access ('Link Following')

CVE-2023-43079

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.02% / 4.93%

||

7 Day CHG~0.00%

Published-13 Oct, 2023 | 11:52

Updated-27 Feb, 2025 | 20:40

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.

Vendor-Dell Inc.

Product-emc_openmanage_server_administrator Dell OpenManage Server Administrator

CWE ID-CWE-284

Improper Access Control

CVE-2022-26862

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 9.50%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 17:49

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26860

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.5||HIGH

EPSS-0.02% / 3.60%

||

7 Day CHG~0.00%

Published-06 Sep, 2022 | 20:15

Updated-17 Sep, 2024 | 04:04

Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.

Vendor-Dell Inc.

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2022-26864

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 9.50%

||

7 Day CHG~0.00%

Published-23 Jun, 2022 | 17:55

Updated-16 Sep, 2024 | 20:11

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Vendor-Dell Inc.

CWE ID-CWE-20

Improper Input Validation

CVE-2022-26856

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.2||HIGH

EPSS-0.04% / 11.72%

||

7 Day CHG~0.00%

Published-21 Apr, 2022 | 20:50

Updated-16 Sep, 2024 | 22:41

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account.

Vendor-Dell Inc.

Product-emc_repository_manager Dell Repository Manager (DRM)

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2022-26865

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.8||MEDIUM

EPSS-0.06% / 18.07%

||

7 Day CHG~0.00%

Published-26 May, 2022 | 15:20

Updated-16 Sep, 2024 | 23:16

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

Vendor-Dell Inc.

Product-supportassist_os_recovery Dell OS Recovery Tool

CWE ID-CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE ID-CWE-287

Improper Authentication

CVE-2022-26868

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.4||MEDIUM

EPSS-0.11% / 29.83%

||

7 Day CHG~0.00%

Published-02 Jun, 2022 | 21:00

Updated-17 Sep, 2024 | 04:25

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Vendor-Dell Inc.

Product-powerstore_x powerstore_t powerstoreos PowerStore

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-5343

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.3||HIGH

EPSS-0.02% / 3.44%

||

7 Day CHG~0.00%

Published-04 May, 2020 | 18:50

Updated-17 Sep, 2024 | 00:10

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

Vendor-Dell Inc.

Product-os_recovery_image_for_microsoft_windows_10 CPG SW

CWE ID-CWE-277

Insecure Inherited Permissions

CWE ID-CWE-863

Incorrect Authorization

CVE-2020-5342

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.20% / 42.56%

||

7 Day CHG~0.00%

Published-09 Mar, 2020 | 19:45

Updated-16 Sep, 2024 | 21:56

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.

Vendor-Dell Inc.

Product-digital_delivery Dell Digital Delivery (Cirrus)

CWE ID-CWE-276

Incorrect Default Permissions

CVE-2020-5361

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-5.1||MEDIUM

EPSS-0.05% / 15.65%

||

7 Day CHG~0.00%

Published-04 Jan, 2021 | 21:15

Updated-16 Sep, 2024 | 23:06

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.

Vendor-Dell Inc.

Product-cpg_bios CPG BIOS

CWE ID-CWE-640

Weak Password Recovery Mechanism for Forgotten Password

CVE-2020-5384

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-8.4||HIGH

EPSS-0.05% / 15.56%

||

7 Day CHG~0.00%

Published-31 Jul, 2020 | 17:45

Updated-16 Sep, 2024 | 23:30

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Vendor-Dell Inc.RSA Security LLC

Product-multifactor_authentication_agent RSA Authentication Agent for Microsoft Windows

CWE ID-CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE ID-CWE-287

Improper Authentication

CVE-2020-5376

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-6.8||MEDIUM

EPSS-0.05% / 13.54%

||

7 Day CHG~0.00%

Published-02 Sep, 2020 | 20:55

Updated-16 Sep, 2024 | 22:55

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Vendor-Dell Inc.

Product-inspiron_7347_bios inspiron_7347 CPG BIOS

CWE ID-CWE-416

Use After Free

CVE-2020-5316

Matching Score-8

Assigner-Dell

View Details

Matching Score-8

Assigner-Dell

CVSS Score-7.8||HIGH

EPSS-0.13% / 33.42%

||

7 Day CHG~0.00%

Published-22 Jul, 2021 | 17:00

Updated-17 Sep, 2024 | 04:19

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs Dell SupportAssist Client

CWE ID-CWE-427

Uncontrolled Search Path Element

CVE-2020-5358

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs