Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-5361

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-04 Jan, 2021 | 21:15
Updated At-16 Sep, 2024 | 23:06
Rejected At-
Credits

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:04 Jan, 2021 | 21:15
Updated At:16 Sep, 2024 | 23:06
Rejected At:
▼CVE Numbering Authority (CNA)

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.

Affected Products
Vendor
Dell Inc.Dell
Product
CPG BIOS
Versions
Affected
  • From unspecified before All (custom)
Problem Types
TypeCWE IDDescription
CWECWE-640CWE-640: Weak Password Recovery Mechanism for Forgotten Password
Type: CWE
CWE ID: CWE-640
Description: CWE-640: Weak Password Recovery Mechanism for Forgotten Password
Metrics
VersionBase scoreBase severityVector
3.15.1MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Version: 3.1
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability
x_refsource_MISC
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:04 Jan, 2021 | 22:15
Updated At:29 Jan, 2021 | 17:35

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.6HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Secondary3.15.1MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Dell Inc.
dell
>>cpg_bios>>*
cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-640Primarynvd@nist.gov
CWE-640Secondarysecurity_alert@emc.com
CWE ID: CWE-640
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-640
Type: Secondary
Source: security_alert@emc.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerabilitysecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

80Records found

CVE-2025-36579
Matching Score-10
Assigner-Dell
ShareView Details
Matching Score-10
Assigner-Dell
CVSS Score-5.1||MEDIUM
EPSS-0.18% / 7.36%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 16:05
Updated-27 May, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-Inspiron 16 Plus 7640Dell Pro Max 14 MC14255Latitude 3530Dell Pro 13 Premium PA13250Dell 16 DC16251Latitude 3410Latitude 3430Dell Pro Tower Essential QVT1260Inspiron 24 5430 All-in-OneChengMing 3900Inspiron 14 5420Inspiron 16 5630Inspiron 27 7720 All-in-OneDell 14 DC14250Latitude 3450Dell 16 DC16250Latitude 3520Inspiron 3030SInspiron 15 3511Dell Pro 24 All-in-One Plus/Dell Pro 24 All-in-OneDell Pro Max 16 MC16255Inspiron 13 5320Inspiron 16 Plus 7620Dell Pro Slim Essential QVS1260Dell Pro Slim Plus QBS1250/Dell Pro Slim QCS1250Dell Tower Plus EBT2250Inspiron 14 7430 2-in-1Dell Pro 13 Plus PB13250Inspiron 3030Alienware 16 Area-51 AA16250Dell Pro Slim / QCS1255Latitude 3320Inspiron 14 5430Alienware 18 Area-51 AA18250Dell G16 7630Dell Pro Micro/Micro Plus QCM1250/QBM1250Inspiron 14 Plus 7420Dell Pro Micro / QCM1255Inspiron 16 7640 2-in-1Latitude 3440Dell Pro 16 Plus PB16255Latitude 3510Dell Pro Laptop PC16250Inspiron 14 7440 2-in-1Dell G15 5511Inspiron 7700 All-In-OneDell Pro 14 Essential PV14250Inspiron 14 5440Alienware m16 R1Alienware m15 R6Inspiron 24 5420 All-in-OneChengMing 3990Inspiron 3020 Small DesktopInspiron 16 Plus 7630Dell Pro Rugged 13 RA13250Alienware X16 R2ChengMing 3910/3911Inspiron 5401 AIOInspiron 7710 All-in-OneDell Pro 14 Plus PB14250Dell 14 Premium DA14250Alienware m18 R1Alienware m16 R2Inspiron 3910Dell G15 5510Dell G15 5530Inspiron 5510Inspiron 14 Plus 7440Alienware m15 R7Inspiron 14 7420 2-in-1Alienware Aurora ACT1250Inspiron 3020 DesktopInspiron 16 5640Alienware M18 R2Latitude 3550Inspiron 13 5330Alienware 16X Aurora AC16251ChengMing 3991Dell Pro 16 Plus PB16250Dell Pro Max 16 MC16250Dell Pro 15 Essential PV15250Dell Pro Laptop PC14250Dell Pro Max 14 MC14250Dell 15 DC15250Dell Pro 14 Premium PA14250Dell Pro Rugged 14 RB14250Dell Slim ECS1250Latitude 3140 2in1Inspiron 16 7630 2-in-1Dell Pro 16 PC16250Dell G5 5000Inspiron 27 7730 All-in-OneDell Pro Max Tower T2 FCT2250Inspiron 16 7610Alienware Area-51 AAT225Dell 16 Premium DA16250Latitude 3120Alienware x14 R2Inspiron 5410 All-in-OneInspiron 16 7620 2-in-1Latitude 3340Dell Pro 14 Plus PB14255Dell G15 5520Dell Pro Max Slim FCS1250Dell Pro 13 Plus PB13255Latitude 3330Dell Pro Tower Plus QBT1250/Dell Pro Tower QCT1250Inspiron 16 5620Inspiron 15 3520Latitude 3140Dell Pro Tower / QCT1255Dell Pro 14 PC14250Dell G16 7620Dell Tower ECT1250Inspiron 5400/5401Alienware x16 R1Latitude 3540Inspiron 14 Plus 7430Latitude 3420Dell Pro Max Micro FCM2250
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2022-26863
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 18.02%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 17:55
Updated-16 Sep, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwareinspiron_3180inspiron_3185_firmwareinspiron_3585inspiron_5415_all-in-one_firmwarevostro_3525_firmwareg5_se_5505inspiron_27_7775_firmwareinspiron_5575_firmwareinspiron_3275vostro_5415inspiron_7415_firmwareinspiron_5415inspiron_3785_firmwareinspiron_3525_firmwareinspiron_3195inspiron_14_5425inspiron_3515_firmwareinspiron_3180_firmwareinspiron_3475inspiron_5505alienware_m15_r5_firmwareinspiron_3505inspiron_3595vostro_5515g15_5515inspiron_3275_firmwareinspiron_7425_firmwarevostro_3405inspiron_5485vostro_5515_firmwareg15_5515_firmwarevostro_5625vostro_3515_firmwareinspiron_3185inspiron_7405_firmwareinspiron_5515inspiron_5415_firmwareinspiron_5405_firmwareinspiron_3505_firmwareinspiron_5585inspiron_7375_firmwareinspiron_3785inspiron_3515inspiron_7415inspiron_3525vostro_3405_firmwarevostro_3515inspiron_5575vostro_5625_firmwareinspiron_3195_firmwareinspiron_5415_all-in-oneinspiron_27_7775inspiron_5505_firmwareinspiron_7425alienware_m15_r5inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareg5_se_5505_firmwareinspiron_5585_firmwareinspiron_7405vostro_5415_firmwareinspiron_14_5425_firmwareinspiron_5405inspiron_3475_firmwarevostro_3525CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0911
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.98% / 57.83%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_data_domain_osn/a
CVE-2022-26868
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.40% / 32.15%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-26862
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 18.02%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 17:55
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwareinspiron_3180inspiron_3185_firmwareinspiron_3585inspiron_5415_all-in-one_firmwarevostro_3525_firmwareg5_se_5505inspiron_27_7775_firmwareinspiron_5575_firmwareinspiron_3275vostro_5415inspiron_7415_firmwareinspiron_5415inspiron_3785_firmwareinspiron_3525_firmwareinspiron_3195inspiron_14_5425inspiron_3515_firmwareinspiron_3180_firmwareinspiron_3475inspiron_5505alienware_m15_r5_firmwareinspiron_3505inspiron_3595vostro_5515g15_5515inspiron_3275_firmwareinspiron_7425_firmwarevostro_3405inspiron_5485vostro_5515_firmwareg15_5515_firmwarevostro_5625vostro_3515_firmwareinspiron_3185inspiron_7405_firmwareinspiron_5515inspiron_5415_firmwareinspiron_5405_firmwareinspiron_3505_firmwareinspiron_5585inspiron_7375_firmwareinspiron_3785inspiron_3515inspiron_7415inspiron_3525vostro_3405_firmwarevostro_3515inspiron_5575vostro_5625_firmwareinspiron_3195_firmwareinspiron_5415_all-in-oneinspiron_27_7775inspiron_5505_firmwareinspiron_7425alienware_m15_r5inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareg5_se_5505_firmwareinspiron_5585_firmwareinspiron_7405vostro_5415_firmwareinspiron_14_5425_firmwareinspiron_5405inspiron_3475_firmwarevostro_3525CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-18577
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.34% / 25.47%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 20:30
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.

Action-Not Available
Vendor-Dell Inc.
Product-xtremio_management_serverXtremIO
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-18579
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.34% / 26.52%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 19:45
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.

Action-Not Available
Vendor-Dell Inc.
Product-xps_7390_firmwarexps_7390CPG BIOS
CWE ID-CWE-16
Not Available
CVE-2015-2890
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6||MEDIUM
EPSS-0.77% / 50.93%
||
7 Day CHG~0.00%
Published-01 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

Action-Not Available
Vendor-n/aDell Inc.
Product-precision_t1600latitude_e4310latitude_xt3precision_mobile_m6600latitude_e6220latitude_e5510latitude_e5520precision_t5600latitude_e6420_atglatitude_e6520latitude_e6410_atgprecision_mobile_m4500optiplex_790precision_t5600_xllatitude_e6320latitude_e6510precision_t3600latitude_e5410precision_mobile_m4600latitude_e6420_xfrbiosoptiplex_990latitude_e5420optiplex_390n/a
CVE-2022-24415
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.27% / 19.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 02:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24418
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.23% / 14.04%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwarevostro_5515_firmwareinspiron_3180vostro_3515_firmwareinspiron_3185_firmwareinspiron_22-3275_firmwaredell_g5_5505_firmwareinspiron_3185inspiron_3585inspiron_7405_firmwareinspiron_5515inspiron_5675_firmwareinspiron_5415_firmwareinspiron_5405_firmwareinspiron_27_7775_firmwareinspiron_3505_firmwareinspiron_5585inspiron_5775_firmwareinspiron_7375_firmwareinspiron_5575_firmwareinspiron_3785vostro_5415inspiron_7415_firmwareinspiron_3515inspiron_5415inspiron_3785_firmwareinspiron_7415vostro_3405_firmwareinspiron_3195inspiron_24-3475vostro_3515inspiron_3515_firmwareinspiron_3180_firmwareinspiron_5575inspiron_24-3475_firmwareinspiron_3195_firmwareinspiron_5505inspiron_3505inspiron_3595inspiron_27_7775inspiron_5505_firmwarevostro_5515dell_g5_5505inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareinspiron_5585_firmwareinspiron_7405inspiron_22-3275inspiron_5675vostro_5415_firmwareinspiron_5405inspiron_5775vostro_3405inspiron_5485CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24421
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.27% / 19.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-22557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.20% / 9.71%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-43587
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.24% / 14.82%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2020-5376
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.39% / 30.96%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_7347_biosinspiron_7347CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2021-36279
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 9.37%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36283
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.24% / 15.17%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_7391_2-in-1_firmwarelatitude_5401latitude_5410precision_3541inspiron_7500_firmwareprecision_3541_firmwareprecision_3551latitude_5401_firmwareg3_15_3500_firmwareoptiplex_5480_aioprecision_3640_tower_firmwarexps_9500_firmwarevostro_3881_firmwareinspiron_5590_firmwarelatitude_5511_firmwareoptiplex_3280_aio_firmwareoptiplex_7780_aio_firmwarelatitude_7300_firmwareinspiron_5493precision_3550vostro_3888inspiron_5400_2-in-1vostro_3888_firmwarexps_7380latitude_5400_firmwareprecision_7540wyse_5470latitude_3310_2-in-1vostro_3501_firmwareinspiron_5400_2-in-1_firmwareinspiron_3593_firmwareinspiron_5490_firmwareoptiplex_5080precision_3440latitude_5511precision_3440_firmwareprecision_5550inspiron_7501xps_17_9700xps_7590latitude_3310_2-in-1_firmwarelatitude_5300precision_3550_firmwarelatitude_5310_2_in_1latitude_9410_firmwarelatitude_7410latitude_3310_firmwarelatitude_5310_2_in_1_firmwarevostro_7590latitude_5300_2-in-1latitude_5411vostro_7500latitude_7410_firmwareinspiron_7590_firmwarelatitude_7300precision_7740_firmwareinspiron_5498vostro_3681inspiron_7500_2-in-1_silver_firmwarevostro_3591inspiron_7591_firmwarelatitude_5500_firmwarelatitude_7400_2-in-1_firmwarelatitude_5410_firmwareprecision_5550_firmwarexps_7390_2-in-1_firmwareoptiplex_7480_aiolatitude_5411_firmwarelatitude_7400inspiron_5590vostro_5490inspiron_3593precision_7740g3_15_3590_firmwareinspiron_3880_firmwarelatitude_7310_firmwareinspiron_5498_firmwareprecision_5540vostro_5490_firmwareoptiplex_5080_firmwarelatitude_9510inspiron_5493_firmwarevostro_3591_firmwarexps_17_9700_firmwareinspiron_3793_firmwarevostro_3681_firmwarelatitude_9510_firmwareoptiplex_3280_aiolatitude_7400_2-in-1precision_3640_towerlatitude_5300_2-in-1_firmwarevostro_5590_firmwarelatitude_9410optiplex_7080_firmwarelatitude_5310inspiron_5490inspiron_3501_firmwareg3_15_5500_firmwareprecision_3540_firmwarelatitude_5300_firmwarexps_13_9300inspiron_3880latitude_5500inspiron_7391_2-in-1optiplex_3080_firmwareprecision_7550_firmwareprecision_7550latitude_7210_2_in_1chengming_3991inspiron_3881inspiron_5598inspiron_7501_firmwarelatitude_7220ex_rugged_extreme_tabletxps_13_9380xps_7590_firmwarelatitude_7220ex_rugged_extreme_tablet_firmwareoptiplex_3080inspiron_3881_firmwareg3_15_5500optiplex_5480_aio_firmwareinspiron_7500_2-in-1_silverinspiron_3501latitude_5310_firmwarelatitude_7200_2_in_1inspiron_3793precision_3540latitude_7400_firmwareprecision_5750xps_13_9300_firmwarevostro_3501inspiron_7591latitude_7310chengming_3990optiplex_7780_aioinspiron_7500xps_7380_firmwarelatitude_3310vostro_5590precision_5540_firmwarechengming_3990_firmwareinspiron_3493precision_3551_firmwareprecision_7540_firmwareprecision_5750_firmwarelatitude_7210_2_in_1_firmwarevostro_3401_firmwarevostro_3881inspiron_5593_firmwarewyse_5470_firmwareinspiron_5593inspiron_5598_firmwareinspiron_3493_firmwarevostro_3491_firmwarelatitude_7200_2_in_1_firmwareg3_15_3590precision_7750_firmwarevostro_3401inspiron_7590chengming_3991_firmwareprecision_7750vostro_7590_firmwarevostro_3491xps_13_9380_firmwareoptiplex_7480_aio_firmwarexps_9500xps_7390_2-in-1optiplex_7080vostro_7500_firmwarelatitude_5400g3_15_3500CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6856
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 40.41%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

Action-Not Available
Vendor-n/aDell Inc.
Product-pre-boot_authentication_drivern/a
CVE-2021-21550
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.27% / 18.95%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21535
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.20% / 10.54%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-21555
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 23.19%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21553
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.22% / 12.66%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 23:45
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-286
Incorrect User Management
CVE-2021-21527
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.27% / 18.95%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21518
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.34% / 26.23%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21545
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.28% / 20.14%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 19:50
Updated-16 Sep, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

Action-Not Available
Vendor-Dell Inc.
Product-peripheral_managerDell Peripheral Manager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-42427
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-1.07% / 60.89%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 07:39
Updated-20 Dec, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_thinosWyse Proprietary OS (Modern ThinOS)wyse_proprietary_os
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-5342
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.44% / 35.33%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 19:45
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryDell Digital Delivery (Cirrus)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-5343
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.27% / 19.12%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 18:50
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

Action-Not Available
Vendor-Dell Inc.
Product-os_recovery_image_for_microsoft_windows_10CPG SW
CWE ID-CWE-277
Insecure Inherited Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-5379
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 31.62%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_7352inspiron_7352_biosCPG BIOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2020-5378
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.39% / 30.96%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-g7_17_7790_biosg7_17_7790CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5348
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.38% / 29.83%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 23:20
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7202_firmwarelatitude_7202CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5384
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.39% / 30.82%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 17:45
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-multifactor_authentication_agentRSA Authentication Agent for Microsoft Windows
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2020-5358
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 8.10%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 20:20
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-5385
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 8.10%
||
7 Day CHG~0.00%
Published-18 Aug, 2020 | 20:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-29499
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.42% / 33.66%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstorePowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-26186
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 28.44%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 18:55
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5675_firmwareinspiron_5675CPG BIOS
CWE ID-CWE-642
External Control of Critical State Data
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-26193
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.48% / 37.95%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-26181
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.25% / 16.74%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsemc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-3717
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.36% / 28.25%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 16:38
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_3567precision_t5810_firmwareg7_7590inspiron_3470latitude_e7270vostro_3468xps_9560inspiron_5458precision_7920_firmwarevenue_7140_firmwareinspiron_7570vostro_3669precision_7820_firmwareinspiron_3476_firmwarevostro_5568_firmwareinspiron_7373latitude_e5550optiplex_7040_firmwarelatitude_5179latitude_7380_firmwarelatitude_7370latitude_7370_firmwarexps_9575_firmwareinspiron_5570wyse_7040latitude_e5270precision_3420wyse_5070inspiron_5368_firmwarelatitude_5490inspiron_5579latitude_5590latitude_7390_2-in-1precision_5530_2-in-1inspiron_7567vostro_3070_firmwareprecision_5720_aio_firmwareinspiron_7580_firmwareinspiron_7568_firmwareinspiron_7778_firmwareinspiron_7579precision_7920inspiron_3583precision_7720vostro_5581_firmwareinspiron_7786latitude_3380_firmwareoptiplex_7760_aiolatitude_3150inspiron_7378_firmwareprecision_5530_firmwareoptiplex_5040latitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_5250_aio_firmwareprecision_t5810optiplex_5050vostro_3667latitude_3460_firmwarelatitude_3470latitude_e7470_firmwareinspiron_7359_firmwareoptiplex_3050_aiog5_5590vostro_5468precision_7720_firmwareinspiron_3476optiplex_3060_firmwareinspiron_3558inspiron_7566_firmwareinspiron_3780latitude_3590_firmwareinspiron_5557latitude_7490_firmwareinspiron_7380_firmwarelatitude_7390_firmwarexps_9350latitude_7250_firmwareprecision_7710precision_5520precision_5720_aiolatitude_5591precision_3520inspiron_7573_firmwareinspiron_5468precision_3620precision_5820inspiron_7572g7_7790inspiron_5758_firmwareinspiron_7572_firmwareinspiron_5767_firmwarelatitude_e5570latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_3050latitude_5175_firmwarelatitude_5250xps_9380latitude_7414latitude_7414_firmwarelatitude_e5270_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_7460_aio_firmwareprecision_3630_firmwarevostro_3458_firmwareinspiron_3480_firmwareg5_5590_firmwareprecision_3430inspiron_7466_firmwarexps_7760_firmwareinspiron_5568optiplex_5060_firmwarelatitude_3150_firmwarexps_9250_firmwarelatitude_7285_firmwareinspiron_670latitude_3560inspiron_5567_firmwarelatitude_e7250_firmwarevostro_3581_firmwarelatitude_3470_firmwareinspiron_7778precision_7530_firmwarelatitude_7275vostro_3581latitude_3570vostro_3583_firmwarelatitude_5414latitude_3190_firmwareinspiron_3568optiplex_5260_aioinspiron_3459_firmwarelatitude_7202inspiron_7779_firmwareg3_3779_firmwarevostro_3268_firmwarevostro_3660wyse_7040_firmwareoptiplex_7450_aiolatitude_7390_2-in-1_firmwarechengming_3967inspiron_5457latitude_7480_firmwarexps_9550_firmwarelatitude_3350_firmwarevostro_3568latitude_e5470_firmwarelatitude_7202_firmwarechengming_3977latitude_5285_firmwarelatitude_5288_firmwareinspiron_3568_firmwareinspiron_5559inspiron_5480latitude_3190vostro_5370inspiron_7460inspiron_5580_firmwareoptiplex_7760_aio_firmwarexps_9250latitude_5488latitude_5290_2-in-1_firmwarexps_9360vostro_3669_firmwarevostro_3478inspiron_7569_firmwarelatitude_7380precision_7710_firmwarelatitude_3590inspiron_3580_firmwareinspiron_3781_firmwarelatitude_5550_firmwarevostro_5370_firmwareinspiron_7472_firmwarewyse_5070_firmwarevostro_3670_firmwareinspiron_670_firmwarelatitude_7275_firmwareprecision_7520latitude_5290_2-in-1vostro_3660_firmwarevostro_3583latitude_5491_firmwareinspiron_5482latitude_7290inspiron_3153_firmwareoptiplex_3240_aioinspiron_7560precision_3630latitude_7480latitude_7214_firmwareinspiron_3559_firmwareoptiplex_3060optiplex_5060xps_7760latitude_5420_firmwareinspiron_3468inspiron_7580latitude_5550inspiron_3668inspiron_5770latitude_3450inspiron_3584latitude_3580inspiron_5482_firmwarevostro_5481latitude_7250inspiron_3668_firmwareinspiron_5559_firmwareinspiron_7467precision_3530_firmwareprecision_3930_firmwarelatitude_5285latitude_7212latitude_5580_firmwareinspiron_5480_firmwarelatitude_3189chengming_3967_firmwareoptiplex_xe3_firmwareinspiron_3158vostro_3580inspiron_7566vostro_7570_firmwarevostro_7580latitude_7350_firmwarevostro_3268inspiron_5368vostro_3584optiplex_xe3inspiron_7472latitude_5175precision_3620_firmwareprecision_5510embedded_box_pc_5000inspiron_5379_firmwareinspiron_7370xps_8900latitude_5491inspiron_3580vostro_3267_firmwarevostro_5468_firmwarevostro_3470_firmwareg3_3579inspiron_5557_firmwareinspiron_7386_firmwareinspiron_7773_firmwareoptiplex_7040inspiron_7386xps_9370_firmwareinspiron_5379latitude_7280inspiron_5579_firmwarexps_9343_firmwarexps_9570vostro_3459inspiron_7466inspiron_7373_firmwarelatitude_5480optiplex_7050_firmwarevostro_5471_firmwarelatitude_3379_firmwareinspiron_7773inspiron_7779optiplex_3046vostro_3468_firmwareinspiron_7380xps_9370latitude_7350latitude_3160_firmwareoptiplex_5260_aio_firmwarelatitude_7285inspiron_7570_firmwareinspiron_3559inspiron_7353_firmwareinspiron_5378_firmwareprecision_3420_firmwareinspiron_5459_firmwarevostro_3459_firmwareprecision_7510_firmwareinspiron_5481precision_t7810_firmwareprecision_5530_2-in-1_firmwarexps_9550inspiron_5567inspiron_7786_firmwareinspiron_7569inspiron_3458optiplex_7450_aio_firmwarelatitude_e5450inspiron_3576xps_9350_firmwarevostro_3668_firmwareinspiron_5578latitude_3160latitude_7214inspiron_3781inspiron_3576_firmwareprecision_3430_firmwareinspiron_5468_firmwarelatitude_3550_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareoptiplex_3050_aio_firmwarevostro_3568_firmwareg3_3579_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_9570_firmwarelatitude_7389optiplex_7440_aio_firmwarelatitude_3560_firmwareinspiron_5570_firmwarelatitude_5290latitude_5289_firmwarechengming_3980_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588xps_9380_firmwareinspiron_3470_firmwarelatitude_5590_firmwarelatitude_3350vostro_5481_firmwareinspiron_5370latitude_5250_firmwareinspiron_7467_firmwareoptiplex_7460_aioinspiron_7577_firmwarevostro_3267inspiron_3481_firmwareprecision_5530inspiron_7577optiplex_5250_aiolatitude_7212_firmwareinspiron_5582optiplex_7440_aioinspiron_3584_firmwarelatitude_3450_firmwareinspiron_3459precision_t7910_firmwareprecision_3930inspiron_3480inspiron_3583_firmwareinspiron_5770_firmwareinspiron_7586_firmwarelatitude_3490inspiron_3153latitude_e5450_firmwareinspiron_5568_firmwarelatitude_5420latitude_3180_firmwareinspiron_3558_firmwarevostro_3580_firmwareinspiron_3581_firmwarexps_8900_firmwarevostro_5471latitude_3490_firmwareinspiron_5759_firmwarevostro_5581vostro_3668inspiron_5566inspiron_7378inspiron_5558xps_9343latitude_7280_firmwareg7_7790_firmwareinspiron_5758vostro_3670latitude_5280latitude_5179_firmwareinspiron_3467latitude_e5570_firmwarexps_9560_firmwareinspiron_7460_firmwareoptiplex_3240_aio_firmwarexps_9360_firmwareoptiplex_3046_firmwarelatitude_3380inspiron_5580latitude_5289latitude_5480_firmwarelatitude_e7450_firmwareinspiron_5582_firmwareinspiron_7368latitude_3460precision_7820inspiron_7359precision_5510_firmwareinspiron_5558_firmwarelatitude_e5550_firmwareinspiron_7579_firmwareinspiron_3468_firmwarelatitude_3480inspiron_5459latitude_5490_firmwarelatitude_5591_firmwareinspiron_5378vostro_3070latitude_e7450inspiron_5481_firmwareprecision_5520_firmwarelatitude_5580latitude_3379inspiron_7573vostro_3584_firmwareinspiron_5457_firmwareinspiron_3268_firmwarevostro_3478_firmwarevostro_3480precision_3520_firmwareinspiron_3567_firmwarelatitude_3550chengming_3980inspiron_7567_firmwarelatitude_5450precision_t7810vostro_3458optiplex_7060inspiron_7560_firmwareinspiron_3467_firmwarelatitude_5290_firmwarelatitude_7424_rugged_extremeprecision_t7910g5_5587latitude_3580_firmwarevostro_3470inspiron_7353latitude_7390optiplex_3040vostro_7570venue_7140latitude_5450_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwarelatitude_3390_firmwarechengming_3977_firmwarexps_9575vostro_3480_firmwareprecision_7510latitude_e5250g7_7590_firmwarelatitude_e5250_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3458_firmwarevostro_7580_firmwareprecision_3510_firmwareprecision_3510inspiron_7370_firmwareinspiron_5458_firmwarelatitude_5414_firmwarelatitude_7490inspiron_5759latitude_7389_firmwarelatitude_5288inspiron_5566_firmwareinspiron_5767inspiron_3158_firmwareoptiplex_7060_firmwareinspiron_7368_firmwareg3_3779latitude_e7470precision_5820_firmwareoptiplex_5040_firmwareinspiron_5578_firmwareinspiron_3581vostro_5568vostro_3667_firmwareinspiron_7568latitude_e7250latitude_5488_firmwareDell Client Commercial and Consumer platforms
CVE-2019-3704
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.94% / 56.45%
||
7 Day CHG~0.00%
Published-07 Feb, 2019 | 19:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-emc_vnx2_firmwareemc_vnx2VNX Control Station in Dell EMC VNX2 OE for File
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-3727
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.66% / 46.93%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 15:45
Updated-17 Sep, 2024 | 03:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection vulnerability

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.

Action-Not Available
Vendor-Dell Inc.
Product-emc_recoverpointrecoverpoint_for_virtual_machinesRecoverPoint
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-3735
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.26% / 17.17%
||
7 Day CHG~0.00%
Published-20 Jun, 2019 | 21:43
Updated-17 Sep, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsDell SupportAssist for Home PCsDell SupportAssist for Business PCs
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-3742
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.08%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:12
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CVE-2019-3744
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.35% / 27.43%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 19:13
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-digital_deliveryAlienware Digital DeliveryDell Digital Delivery
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-26864
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 18.02%
||
7 Day CHG~0.00%
Published-23 Jun, 2022 | 17:55
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwareinspiron_3180inspiron_3185_firmwareinspiron_3585inspiron_5415_all-in-one_firmwarevostro_3525_firmwareg5_se_5505inspiron_27_7775_firmwareinspiron_5575_firmwareinspiron_3275vostro_5415inspiron_7415_firmwareinspiron_5415inspiron_3785_firmwareinspiron_3525_firmwareinspiron_3195inspiron_14_5425inspiron_3515_firmwareinspiron_3180_firmwareinspiron_3475inspiron_5505alienware_m15_r5_firmwareinspiron_3505inspiron_3595vostro_5515g15_5515inspiron_3275_firmwareinspiron_7425_firmwarevostro_3405inspiron_5485vostro_5515_firmwareg15_5515_firmwarevostro_5625vostro_3515_firmwareinspiron_3185inspiron_7405_firmwareinspiron_5515inspiron_5415_firmwareinspiron_5405_firmwareinspiron_3505_firmwareinspiron_5585inspiron_7375_firmwareinspiron_3785inspiron_3515inspiron_7415inspiron_3525vostro_3405_firmwarevostro_3515inspiron_5575vostro_5625_firmwareinspiron_3195_firmwareinspiron_5415_all-in-oneinspiron_27_7775inspiron_5505_firmwareinspiron_7425alienware_m15_r5inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareg5_se_5505_firmwareinspiron_5585_firmwareinspiron_7405vostro_5415_firmwareinspiron_14_5425_firmwareinspiron_5405inspiron_3475_firmwarevostro_3525CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-32475
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-0.17% / 6.37%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 02:13
Updated-29 Oct, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-g15_5535_firmwareinspiron_5515_firmwareinspiron_16_5635_firmwareg15_5535alienware_aurora_r15_amd_firmwarevostro_14_3435_firmwarevostro_15_3525_firmwareinspiron_16_5635vostro_5415vostro_16_5635_firmwarevostro_15_3525vostro_14_3425alienware_m16_r1_amd_firmwareinspiron_14_7435_2-in-1inspiron_5415alienware_aurora_ryzen_edition_r14inspiron_15_3515inspiron_24_5415_all-in-oneinspiron_14_5425g15_5525_firmwarealienware_m17_r5_amd_firmwarealienware_m15_r7_amd_firmwareinspiron_5505alienware_m15_r7_amdinspiron_3505g15_5525vostro_15_3515_firmwarevostro_5515g15_5515vostro_14_3425_firmwareinspiron_7415_2-in-1inspiron_16_5625alienware_m17_r5_amdinspiron_14_5435inspiron_7405_2-in-1alienware_m16_r1_amdvostro_15_3535inspiron_15_3525alienware_m18vostro_16_5635alienware_aurora_r10_firmwarevostro_3405vostro_5625vostro_5515_firmwareinspiron_14_7425_2-in-1_firmwarevostro_15_3535_firmwareg5_5505g15_5515_firmwarealienware_m15_ryzen_edition_r5inspiron_15_3535inspiron_5515inspiron_5415_firmwareinspiron_7415_2-in-1_firmwareinspiron_5405_firmwareinspiron_3505_firmwarealienware_aurora_ryzen_edition_r14_firmwareinspiron_7405_2-in-1_firmwareinspiron_14_7425_2-in-1inspiron_14_7435_2-in-1_firmwareinspiron_15_3525_firmwarevostro_15_3515inspiron_16_5625_firmwarevostro_3405_firmwareinspiron_16_7635_2-in-1_firmwarevostro_5625_firmwareinspiron_14_5435_firmwarealienware_m18_firmwarealienware_m15_ryzen_edition_r5_firmwareinspiron_15_3535_firmwarealienware_aurora_r10vostro_14_3435inspiron_5505_firmwareinspiron_16_7635_2-in-1inspiron_24_5415_all-in-one_firmwarealienware_aurora_r15_amdg5_5505_firmwarevostro_5415_firmwareinspiron_14_5425_firmwareinspiron_5405inspiron_15_3515_firmwareCPG BIOScpg_bios
CWE ID-CWE-353
Missing Support for Integrity Check
CVE-2022-24420
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.27% / 19.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1204
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-2.41% / 82.10%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1185
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-6.31% / 92.75%
||
7 Day CHG~0.00%
Published-03 Feb, 2018 | 01:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_recoverpointemc_recoverpoint_for_virtual_machinesEMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1203
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-2.19% / 80.25%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-11077
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-1.00% / 58.72%
||
7 Day CHG~0.00%
Published-26 Nov, 2018 | 20:00
Updated-17 Sep, 2024 | 03:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamarvsphere_data_protectionIntegrated Data Protection ApplianceAvamar
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found