Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-5384

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-31 Jul, 2020 | 17:45
Updated At-16 Sep, 2024 | 23:30
Rejected At-
Credits

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:31 Jul, 2020 | 17:45
Updated At:16 Sep, 2024 | 23:30
Rejected At:
▼CVE Numbering Authority (CNA)

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

Affected Products
Vendor
Dell Inc.Dell
Product
RSA Authentication Agent for Microsoft Windows
Versions
Affected
  • From unspecified before 2.0.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-288CWE-288: Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-288
Description: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Metrics
VersionBase scoreBase severityVector
3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://community.rsa.com/docs/DOC-113541
x_refsource_MISC
Hyperlink: https://community.rsa.com/docs/DOC-113541
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://community.rsa.com/docs/DOC-113541
x_refsource_MISC
x_transferred
Hyperlink: https://community.rsa.com/docs/DOC-113541
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:31 Jul, 2020 | 18:15
Updated At:11 Aug, 2020 | 17:29

Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
RSA Security LLC
rsa
>>multifactor_authentication_agent>>2.0
cpe:2.3:a:rsa:multifactor_authentication_agent:2.0:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE-288Secondarysecurity_alert@emc.com
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-288
Type: Secondary
Source: security_alert@emc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://community.rsa.com/docs/DOC-113541security_alert@emc.com
Vendor Advisory
Hyperlink: https://community.rsa.com/docs/DOC-113541
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

177Records found
CVE-2023-44296
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.59%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 07:46
Updated-01 Nov, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.

Action-Not Available
Vendor-Dell Inc.
Product-e-lab_navigatorMobility - E-Lab Navigator
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-21535
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.4||HIGH
EPSS-0.03% / 8.13%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 17:40
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-43730
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.50%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 13:57
Updated-28 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2022-34440
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.13% / 33.18%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 08:23
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.

Action-Not Available
Vendor-Dell Inc.
Product-policy_manager_for_secure_connect_gatewaySecure Connect Gateway (SCG) Policy Manager
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-26476
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.83%
||
7 Day CHG~0.00%
Published-04 Aug, 2025 | 18:44
Updated-07 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-ECSObjectScale
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2018-15778
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.68%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 22:00
Updated-17 Sep, 2024 | 02:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability

Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Dell Networking OS10
CWE ID-CWE-20
Improper Input Validation
CVE-2018-15782
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.04% / 8.89%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 20:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability

The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-authentication_managerRSA Authentication Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29499
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.16% / 37.54%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 21:30
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerstorePowerStore
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-6851
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.39%
||
7 Day CHG~0.00%
Published-23 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-securid_web_agentn/a
CWE ID-CWE-284
Improper Access Control
CVE-2020-26181
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsemc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-43587
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.03% / 8.11%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2024-53290
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.4||HIGH
EPSS-1.24% / 78.43%
||
7 Day CHG+0.08%
Published-11 Dec, 2024 | 07:34
Updated-04 Feb, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution

Action-Not Available
Vendor-Dell Inc.
Product-thinosWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-36315
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 12.79%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_nodes_a3000_firmwareemc_powerscale_nodes_h5600_firmwareemc_powerscale_nodes_f810_firmwareemc_powerscale_nodes_h400_firmwareemc_powerscale_nodes_h700emc_powerscale_nodes_h5600emc_powerscale_nodes_h700_firmwareemc_powerscale_nodes_x410emc_powerscale_nodes_a200_firmwareemc_powerscale_nodes_f200_firmwareemc_powerscale_nodes_x210emc_powerscale_nodes_a100_firmwareemc_powerscale_nodes_s210_firmwareemc_powerscale_nodes_f800_firmwareemc_powerscale_nodes_f600_firmwareemc_powerscale_nodes_f600emc_powerscale_nodes_a300_firmwareemc_powerscale_nodes_a200emc_powerscale_nodes_a3000emc_powerscale_nodes_h7000_firmwareemc_powerscale_nodes_x210_firmwareemc_powerscale_nodes_a2000emc_powerscale_nodes_f200emc_powerscale_nodes_h500_firmwareemc_powerscale_nodes_s210emc_powerscale_nodes_nl410emc_powerscale_nodes_h400emc_powerscale_nodes_h7000emc_powerscale_nodes_h600emc_powerscale_nodes_nl410_firmwareemc_powerscale_nodes_a100emc_powerscale_nodes_x410_firmwareemc_powerscale_nodes_a300emc_powerscale_nodes_a2000_firmwareemc_powerscale_nodes_f810emc_powerscale_nodes_h500emc_powerscale_nodes_f800emc_powerscale_nodes_h600_firmwarePowerScale Nodes
CVE-2021-36324
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_7570_firmwarelatitude_5401g7_7590inspiron_3470latitude_e7270optiplex_7770_firmwarevostro_3669inspiron_5491_firmwareprecision_7820_firmwareinspiron_5477_firmwarelatitude_5179inspiron_15_7577latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570vostro_3888_firmwarewyse_7040latitude_e5270precision_7540alienware_15_r3_firmwareprecision_3420wyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511inspiron_7580_firmwarealienware_m15_r1_firmwareprecision_7720precision_7920alienware_m17_r3_firmwarelatitude_5300vostro_5581_firmwarelatitude_3380_firmwareprecision_5530_firmwareoptiplex_5040latitude_rugged_5420vostro_15_7580inspiron_14_5468optiplex_5050alienware_aurora_r11latitude_3470latitude_7300g5_5590xps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwarelatitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2precision_5520latitude_7400latitude_5591precision_3620precision_5820inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarelatitude_5175_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070precision_3630_firmwareprecision_3430g5_5000inspiron_7700inspiron_13_5378_firmwarelatitude_7285_firmwarexps_13_9370_firmwarevostro_3581_firmwarelatitude_7275vostro_3581xps_15_9575latitude_9410inspiron_7777optiplex_7070latitude_3570optiplex_7080_firmwareoptiplex_5480_firmwareinspiron_15_5578_firmwarelatitude_5310latitude_rugged_7424_firmwarevostro_3268_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1inspiron_5400latitude_7480_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370alienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_rugged_7424latitude_5488g3_3590optiplex_5260latitude_7380precision_3540alienware_aurora_r11_firmwarevostro_14_5468optiplex_7780optiplex_3280xps_15_9560inspiron_3580_firmwareinspiron_3781_firmwarevostro_5370_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7275_firmwareinspiron_3280_firmwarelatitude_3310precision_7520vostro_15_3578_firmwarevostro_3660_firmwareinspiron_5482latitude_7290g7_7587_firmwarealienware_area_51m_r1precision_7540_firmwareoptiplex_7760latitude_7480vostro_3881wyse_5470_firmwareinspiron_7580inspiron_3668inspiron_5770alienware_m17_r2_firmwarelatitude_3580inspiron_3668_firmwarelatitude_5285optiplex_7780_firmwareinspiron_5480_firmwarelatitude_3551optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510inspiron_7370precision_3240vostro_3481_firmwarelatitude_5491optiplex_3240_firmwareoptiplex_7040inspiron_7386alienware_aurora_r12latitude_7280latitude_5400latitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwarealienware_m17_r3precision_7730inspiron_7380precision_3240_firmwarelatitude_7285latitude_5400_firmwareprecision_3420_firmwarevostro_3671_firmwareprecision_3440latitude_rugged_7220ex_firmwareprecision_7510_firmwareg5_5000_firmwareoptiplex_7460_firmwareoptiplex_5250_firmwareinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3576inspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareinspiron_7590_firmwarelatitude_rugged_5414_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwareinspiron_3470_firmwareinspiron_5370inspiron_7467_firmwareprecision_7740inspiron_3481_firmwareprecision_5530latitude_7310_firmwareinspiron_15_5579_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_rugged_extreme_7214latitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwarelatitude_3490_firmwareprecision_5720_firmwareg7_7587vostro_3668optiplex_7770optiplex_5270latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareinspiron_5490inspiron_15_5578latitude_5300_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_7550xps_7590_firmwareoptiplex_3080alienware_m17_r1latitude_3480latitude_rugged_5424_firmwarevostro_3671inspiron_7591latitude_7310inspiron_7790g3_3590_firmwareinspiron_7790_firmwarealienware_13_r3latitude_3379vostro_3584_firmwarechengming_3990_firmwarevostro_15_5568precision_3520_firmwarechengming_3980inspiron_7567_firmwareoptiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwareinspiron_13_5379_firmwareg5_5090_firmwarelatitude_7390latitude_3390_firmwareprecision_7750_firmwarealienware_aurora_r12_firmwareprecision_3431precision_7510vostro_3480_firmwarechengming_3991_firmwarevostro_7590_firmwareprecision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwarelatitude_e7470optiplex_5040_firmwareinspiron_3581latitude_rugged_tablet_7212_firmwareoptiplex_7480inspiron_5400_firmwareinspiron_15_5566_firmwarelatitude_5488_firmwarealienware_17_r5_firmwareoptiplex_5480precision_3541_firmwarealienware_m15_r1precision_7920_firmwareinspiron_15_7572alienware_aurora_r7_firmwareinspiron_3476_firmwareinspiron_5680vostro_3881_firmwareinspiron_7373latitude_5511_firmwareinspiron_15_7573_firmwareoptiplex_7040_firmwareprecision_3550latitude_7370latitude_7370_firmwareoptiplex_7440_firmwareoptiplex_5070_firmwarealienware_15_r4latitude_5490alienware_m17_r2inspiron_7567vostro_3070_firmwarelatitude_rugged_extreme_7414xps_7590optiplex_7071vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_13_5378inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwareprecision_3520inspiron_17_7773_firmwareg7_7790latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050optiplex_5080_firmwareinspiron_15_7570latitude_e5270_firmwareoptiplex_7480_firmwarevostro_3471latitude_rugged_5420_firmwarelatitude_rugged_extreme_7214_firmwareinspiron_3480_firmwareg5_5590_firmwarealienware_m15_r3inspiron_7700_firmwareoptiplex_5060_firmwarelatitude_3470_firmwareprecision_7530_firmwarealienware_x17_r1latitude_rugged_5424vostro_3583_firmwareinspiron_15_5566latitude_3190_firmwarealienware_aurora_ryzen_edition_firmwareg3_3779_firmwarevostro_15_3578latitude_5500inspiron_15_5582precision_7550_firmwarewyse_7040_firmwarelatitude_5285_firmwareinspiron_5477chengming_3991latitude_5288_firmwarelatitude_rugged_extreme_7414_firmwareinspiron_5480inspiron_3471_firmwarevostro_3669_firmwarelatitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590inspiron_7472_firmwareoptiplex_5260_firmwarechengming_3990vostro_3583latitude_5491_firmwarevostro_5880_firmwareprecision_3630xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_5491inspiron_5482_firmwarevostro_5481inspiron_7467precision_3530_firmwareprecision_3930_firmwarelatitude_rugged_tablet_7212latitude_5580_firmwarelatitude_7200inspiron_3477_firmwarelatitude_3189vostro_3580precision_7750inspiron_7472latitude_5175inspiron_14_3467_firmwareprecision_3620_firmwareoptiplex_3280_firmwarevostro_15_3568embedded_box_pc_5000inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwareoptiplex_7440latitude_5480alienware_15_r3vostro_5471_firmwareoptiplex_7470optiplex_3046xps_15_9575_firmwarelatitude_7210_firmwareinspiron_15_5582_firmwarealienware_x15_r1_firmwarelatitude_7300_firmwarelatitude_5510wyse_5470inspiron_5481precision_3440_firmwarealienware_x17_r1_firmwarexps_8930xps_27_7760inspiron_7786_firmwareprecision_3640_firmwareinspiron_15_5579vostro_15_3568_firmwarelatitude_7410latitude_5501_firmwarexps_27_7760_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450inspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarealienware_17_r5optiplex_7760_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarelatitude_5290alienware_aurora_r7latitude_5289_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwarevostro_5481_firmwarelatitude_rugged_5414vostro_3267inspiron_14_3467inspiron_3671precision_5540alienware_17_r4precision_3930inspiron_3480latitude_3490inspiron_3670latitude_3300_firmwarevostro_5471alienware_15_r4_firmwarevostro_5581latitude_7200_firmwareg7_7790_firmwarelatitude_5510_firmwareinspiron_3670_firmwarevostro_15_7570latitude_e5570_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwarelatitude_3380latitude_7210latitude_5289precision_7820vostro_3471_firmwareoptiplex_3080_firmwareoptiplex_3240precision_5510_firmwarelatitude_rugged_7220inspiron_3881xps_13_9380alienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwarealienware_13_r3_firmwarelatitude_5310_firmwarevostro_3070inspiron_5481_firmwareprecision_5520_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_5540_firmwareinspiron_3277_firmwareinspiron_5401_firmwarexps_8940_firmwareinspiron_3268_firmwarevostro_3480latitude_rugged_7220_firmwareprecision_3640alienware_17_r4_firmwarelatitude_rugged_7220exg5_5587latitude_3580_firmwarevostro_3470alienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040precision_5720latitude_7290_firmwareoptiplex_5270_firmwareprecision_7530inspiron_5370_firmwarelatitude_3551_firmwarexps_8930_firmwarechengming_3977_firmwareoptiplex_7470_firmwareoptiplex_7460g7_7590_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareinspiron_15_7573optiplex_7050precision_3431_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwareinspiron_13_5379latitude_5288latitude_7490optiplex_7060_firmwareg3_3779precision_5820_firmwareinspiron_5401optiplex_5250vostro_3667_firmwarealienware_aurora_ryzen_editioninspiron_15_7577_firmwarevostro_15_7570_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21518
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21555
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.31%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21526
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.99%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 16:45
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21556
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.70%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5348
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.87%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 23:20
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7202_firmwarelatitude_7202CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5363
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.05% / 14.44%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7300latitude_5401precision_7740_firmwareprecision_3541precision_3541_firmwarelatitude_5401_firmwareprecision_7540_firmwarelatitude_5500_firmwareprecision_3540_firmwarelatitude_5300_firmwarexps_13_9300xps_7390_2-in-1_firmwarelatitude_7300_firmwarelatitude_5500latitude_7400latitude_5400_firmwarelatitude_7200_2_in_1_firmwarelatitude_7220_firmwareprecision_7540precision_7740latitude_7220ex_rugged_extreme_tabletxps_7590_firmwarelatitude_7220ex_rugged_extreme_tablet_firmwarexps_7590latitude_7220latitude_7200_2_in_1latitude_5501latitude_5300latitude_7400_firmwareprecision_3540xps_13_9300_firmwarexps_7390_2-in-1latitude_5501_firmwarelatitude_5300_2-in-1latitude_5300_2-in-1_firmwarelatitude_5400Dell Client Consumer and Commercial platforms
CWE ID-CWE-158
Improper Neutralization of Null Byte or NUL Character
CVE-2020-5358
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 20:20
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2012-2281
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.33% / 54.87%
||
7 Day CHG~0.00%
Published-05 Jul, 2012 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-access_manager_serveraccess_manager_agentn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-29083
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.93%
||
7 Day CHG+0.07%
Published-09 Aug, 2022 | 20:15
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5410xps_8940inspiron_5310inspiron_3470precision_7730_firmwarevostro_5510_firmwareprecision_3551optiplex_7470vostro_5491precision_7730optiplex_7770_firmwareprecision_3640_tower_firmwareinspiron_7610precision_3650_towervostro_3881_firmwarevostro_3490_firmwarelatitude_5511_firmwarelatitude_7210_firmwareinspiron_5493precision_3550latitude_5510vostro_3888inspiron_7490vostro_3888_firmwareoptiplex_5070_firmwareinspiron_7610_firmwareprecision_7540wyse_5470vostro_3501_firmwarewyse_5070inspiron_3593_firmwareoptiplex_5080precision_3440inspiron_5494_firmwarelatitude_5511precision_3440_firmwarevostro_3070_firmwareg5_5000_firmwareoptiplex_7460_firmwareoptiplex_7071vostro_5310inspiron_5510_firmwareprecision_3550_firmwarelatitude_9410_firmwarelatitude_7410vostro_15_7580_firmwareg5_5587_firmwarevostro_15_7580latitude_5411g7_7588_firmwareoptiplex_3070_firmwarelatitude_7410_firmwareprecision_7740_firmwareg3_3579_firmwarevostro_3590_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_3780optiplex_7760_firmwarevostro_3681vostro_5491_firmwarelatitude_5410_firmwarechengming_3980_firmwarevostro_5090_firmwareinspiron_3780_firmwareinspiron_7490_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3120_firmwareinspiron_3470_firmwarelatitude_5591inspiron_3593optiplex_7070_ultraprecision_7740inspiron_3880_firmwareinspiron_5310_firmwareg5_5090latitude_7310_firmwareoptiplex_7071_firmwareoptiplex_5080_firmwareinspiron_3790_firmwarelatitude_9510inspiron_5493_firmwareoptiplex_5070inspiron_3480inspiron_3480_firmwareprecision_3930_rack_firmwareinspiron_3670g5_5000inspiron_3793_firmwareprecision_3430_tower_firmwarevostro_3681_firmwareoptiplex_5060_firmwarevostro_3580_firmwarelatitude_9510_firmwarevostro_3590precision_3640_toweroptiplex_3090_firmwarevostro_5510optiplex_7770optiplex_5270precision_7530_firmwareinspiron_5410latitude_9410latitude_5510_firmwareinspiron_3790optiplex_7070optiplex_7080_firmwarevostro_3670vostro_3583_firmwareinspiron_3670_firmwarelatitude_3190_firmwareinspiron_5410_firmwarelatitude_5310inspiron_5494inspiron_3501_firmwarevostro_5410_firmwareg3_3779_firmwareinspiron_5594latitude_7210inspiron_3880precision_3431_tower_firmwareoptiplex_3080_firmwareinspiron_5510precision_7550_firmwareprecision_3930_rackprecision_7550vostro_3490chengming_3991vostro_5591inspiron_3881vostro_5090latitude_3190optiplex_3080inspiron_3881_firmwarevostro_7510_firmwarelatitude_5591_firmwareinspiron_3501optiplex_5260latitude_5310_firmwarevostro_7510vostro_3070inspiron_3793inspiron_7510_firmwareprecision_3430_towerinspiron_3580_firmwarevostro_3501latitude_7310optiplex_5260_firmwarewyse_5070_firmwarechengming_3990vostro_3670_firmwarevostro_3583xps_8940_firmwarelatitude_5491_firmwarechengming_3990_firmwarevostro_5880_firmwarewyse_5470_all-in-one_firmwarelatitude_3120optiplex_3090vostro_3480inspiron_3493inspiron_5594_firmwarechengming_3980precision_3551_firmwarevostro_5410precision_7540_firmwareoptiplex_7070_ultra_firmwareoptiplex_7760optiplex_3060vostro_3401_firmwareoptiplex_5060inspiron_5593_firmwareoptiplex_7060vostro_3881inspiron_5593vostro_5310_firmwarewyse_5470_firmwareprecision_3630_towerg5_5587vostro_3470wyse_5470_all-in-oneg5_5090_firmwareinspiron_7510optiplex_3070inspiron_3493_firmwareprecision_3530_firmwarelatitude_3320optiplex_5270_firmwareprecision_7530precision_3240_compactprecision_7750_firmwareoptiplex_7470_firmwarevostro_3480_firmwareoptiplex_7460optiplex_xe3_firmwarevostro_3401chengming_3991_firmwareprecision_7750vostro_3580vostro_5880optiplex_7070_firmwareoptiplex_xe3latitude_3320_firmwareprecision_3650_tower_firmwareoptiplex_7060_firmwareinspiron_3580latitude_5491precision_3240_compact_firmwareg3_3579g3_3779precision_3630_tower_firmwarevostro_3470_firmwareoptiplex_7080vostro_5591_firmwareCPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2012-0400
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-0.96% / 75.55%
||
7 Day CHG~0.00%
Published-20 Mar, 2012 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-envisionn/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-32453
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 6.67%
||
7 Day CHG~0.00%
Published-16 Aug, 2023 | 19:22
Updated-02 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_9330inspiron_15_3511vostro_5510_firmwareinspiron_7500_firmwarevostro_5491optiplex_tower_plus_7010_firmwareinspiron_7610precision_3650_towerlatitude_rugged_7330chengming_3910_firmwarelatitude_3430_firmwareinspiron_5493optiplex_7410_all-in-oneprecision_7960_towerinspiron_24_5420_all-in-oneinspiron_3891_firmwarevostro_5890optiplex_3000g7_17_7700inspiron_7490inspiron_24_5421_all-in-onelatitude_7420_firmwareprecision_5860_tower_firmwareinspiron_7610_firmwarexps_13_7390_2-in-1_firmwarexps_13_9315inspiron_15_3511_firmwareoptiplex_5090_firmwareinspiron_3593_firmwareprecision_5470_firmwarelatitude_9330_firmwarevostro_3710_firmwareinspiron_7501inspiron_7300_2-in-1chengming_3911_firmwareg7_15_7500_firmwareprecision_7960_tower_firmwareoptiplex_3000_firmwareinspiron_3891latitude_3330xps_13_9305g3_3500xps_13_7390_2-in-1alienware_m18inspiron_7300_2-in-1_firmwareoptiplex_7090_firmwarevostro_3690g16_7620_firmwarevostro_3020_sff_firmwareprecision_3460_small_form_factor_firmwarevostro_3020_t_firmwarevostro_7500optiplex_7490_all-in-onelatitude_7320alienware_m15_r7g5_15_5500_firmwareoptiplex_7090latitude_9520precision_3660g7_17_7700_firmwarevostro_3910inspiron_14_5418_firmwarelatitude_7230_rugged_extreme_tablet_firmwarelatitude_3440latitude_7420inspiron_3020_desktoplatitude_rugged_7330_firmwarevostro_3020_tvostro_5491_firmwarelatitude_5430xps_13_7390inspiron_7490_firmwarelatitude_3530_firmwarelatitude_3400_firmwareinspiron_24_5420_all-in-one_firmwarevostro_3890chengming_3901_firmwareinspiron_3593inspiron_15_5518_firmwareoptiplex_tower_plus_7010inspiron_3511_firmwareprecision_5860_toweroptiplex_3000_thin_clientg7_15_7500inspiron_14_5410xps_13_9310_firmwarexps_13_7390_firmwareinspiron_5493_firmwarelatitude_3400latitude_7520_firmwarelatitude_5431vostro_3710optiplex_3000_thin_client_firmwarelatitude_5420optiplex_xe4_firmwareinspiron_3793_firmwareprecision_5470vostro_5890_firmwareoptiplex_micro_plus_7010latitude_3440_firmwareinspiron_3910_firmwareg15_5520_firmwarelatitude_3530inspiron_15_5510optiplex_small_form_factor_plus_7010precision_3470_firmwareinspiron_3511vostro_5510xps_13_9305_firmwarelatitude_rugged_5430_firmwarexps_13_9310inspiron_5410optiplex_7400_all-in-onevostro_3020_sffvostro_3510_firmwareoptiplex_7000chengming_3901latitude_3340_firmwareinspiron_5410_firmwarealienware_m16latitude_3540_firmwareinspiron_15_5510_firmwarevostro_5410_firmwarelatitude_5431_firmwarelatitude_3301inspiron_27_7720_all-in-one_firmwarexps_13_9300g3_3500_firmwareg16_7620precision_3450chengming_3900latitude_3500_firmwarechengming_3900_firmwarexps_15_9520_firmwareprecision_5680_firmwareoptiplex_7490_all-in-one_firmwarevostro_5591precision_3260_xe_compact_firmwareprecision_3260_xe_compactinspiron_7501_firmwareprecision_3660_firmwareoptiplex_5400_all-in-one_firmwarechengming_3910inspiron_7500_2-in-1_blacklatitude_3330_firmwarexps_13_9315_firmwarevostro_7510_firmwarelatitude_3140latitude_3500vostro_7510xps_13_9300_firmwareinspiron_3793precision_5570_firmwareinspiron_3910inspiron_27_7720_all-in-oneinspiron_7510_firmwarelatitude_rugged_5430latitude_7520optiplex_7400_all-in-one_firmwareprecision_5570vostro_3890_firmwareinspiron_7500_2-in-1_black_firmwareprecision_3450_firmwareinspiron_14_5410_firmwareprecision_3460_small_form_factorinspiron_7500optiplex_micro_plus_7010_firmwarealienware_m16_firmwareprecision_3460_xe_small_form_factorprecision_3470latitude_7320_firmwareoptiplex_5490_all-in-onexps_15_9520inspiron_3493latitude_3340vostro_5410g5_15_5500inspiron_3020_small_desktop_firmwarelatitude_7230_rugged_extreme_tabletlatitude_5430_firmwareoptiplex_small_form_factor_plus_7010_firmwareinspiron_5593_firmwareoptiplex_5000_firmwareoptiplex_7410_all-in-one_firmwareinspiron_5593latitude_5420_firmwareinspiron_3020_desktop_firmwareoptiplex_5000inspiron_7510inspiron_3493_firmwareprecision_3260_compact_firmwareoptiplex_5400_all-in-onelatitude_3320vostro_3910_firmwareprecision_3460_xe_small_form_factor_firmwarechengming_3911latitude_3540xps_13_9310_2-in-1_firmwarealienware_m18_firmwareinspiron_3020_small_desktopprecision_5680precision_3260_compactalienware_m15_r7_firmwareinspiron_14_5418inspiron_24_5421_all-in-one_firmwarelatitude_3430g15_5520optiplex_7000_firmwarelatitude_3301_firmwarelatitude_3320_firmwareprecision_3650_tower_firmwarelatitude_3140_firmwarelatitude_9520_firmwareoptiplex_5490_all-in-one_firmwarevostro_3510vostro_3690_firmwarexps_13_9310_2-in-1optiplex_5090inspiron_15_5518optiplex_xe4vostro_5591_firmwarevostro_7500_firmwareCPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2022-26870
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.16% / 37.79%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 18:05
Updated-07 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.

Action-Not Available
Vendor-Dell Inc.
Product-powerstoreosPowerStore
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-26858
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.77%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 20:15
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareoptiplex_7770_all-in-onexps_15_9510_firmwareinspiron_3470latitude_e7270inspiron_7300_firmwarelatitude_3520vostro_3468precision_3561_firmwareinspiron_7570vostro_3669xps_17_9710_firmwareg5_15_5587inspiron_5590_firmwareprecision_7560g7_17_7790_firmwarelatitude_5179latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570inspiron_7490vostro_3888_firmwarelatitude_e5270precision_7540wyse_7040_thin_clientwyse_5070latitude_9420inspiron_5490_firmwarelatitude_5590optiplex_5080inspiron_5502latitude_5511latitude_7390_2-in-1inspiron_7501precision_5530_2-in-1inspiron_7300_2-in-1precision_5550xps_17_9700inspiron_7580_firmwareprecision_7720vostro_5581_firmwarelatitude_5300vostro_3400latitude_3380_firmwareoptiplex_7760_aiog3_3500precision_5530_firmwareoptiplex_5040vostro_15_7580optiplex_5050latitude_7320latitude_3470inspiron_15_gaming_7577latitude_7300optiplex_7090optiplex_3050_aioprecision_3620_towervostro_5468g7_17_7700_firmwarexps_13_9360optiplex_5055_firmwareprecision_3431_toweroptiplex_3060_firmwareinspiron_5490_aio_firmwareinspiron_7000latitude_3420latitude_3590_firmwarelatitude_7490_firmwarevostro_5491_firmwareprecision_5520latitude_5310_2-in-1_firmwareinspiron_7490_firmwareinspiron_5409latitude_7400latitude_5591optiplex_5270_all-in-one_firmwareinspiron_3471inspiron_3511_firmwarelatitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarelatitude_5175_firmwareinspiron_7586optiplex_3040_firmwarelatitude_3400optiplex_5070latitude_3420_firmwareg5_5000inspiron_13_5378_firmwarexps_15_9575_2-in-1inspiron_5491_2-in-1_firmwarelatitude_7285_firmwareoptiplex_3090_firmwareoptiplex_3240_all-in-onexps_13_9370_firmwarevostro_3581_firmwareinspiron_7506_2-in-1_firmwarelatitude_7320_detachable_firmwarevostro_3581latitude_9410optiplex_7070latitude_3570optiplex_7080_firmwarelatitude_5420_rugged_firmwareinspiron_5491_aio_firmwareinspiron_15_5578_firmwarelatitude_5310vostro_5391latitude_3301inspiron_5594latitude_5420_ruggedoptiplex_7090_ultra_firmwarevostro_3268_firmwarevostro_3660inspiron_7000_firmwarelatitude_7220_rugged_extreme_tabletprecision_3450inspiron_5510latitude_7390_2-in-1_firmwarelatitude_5495inspiron_5400latitude_7480_firmwarevostro_3568latitude_e5470_firmwarevostro_5591vostro_5090precision_5560latitude_3190vostro_5370latitude_7220ex_rugged_extreme_tablet_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_5488latitude_5521vostro_3478latitude_7380optiplex_5480_all-in-one_firmwareprecision_3540inspiron_3910inspiron_7510_firmwareinspiron_3580_firmwarelatitude_7520inspiron_3781_firmwarevostro_5370_firmwarewyse_5070_firmwarevostro_3670_firmwareinspiron_15_gaming_7577_firmwarelatitude_3310latitude_7414_rugged_extreme_firmwarelatitude_5290_2-in-1precision_7520vostro_3660_firmwarewyse_5470_all-in-one_firmwareinspiron_5482precision_7820_toweroptiplex_3090latitude_7290vostro_5410latitude_7212_rugged_extreme_tablet_firmwareinspiron_5402precision_7540_firmwareinspiron_7700_aiolatitude_7480vostro_3401_firmwareinspiron_7391_firmwarevostro_3881vostro_5401edge_gateway_5000_firmwareinspiron_5593wyse_5470_firmwarelatitude_5420_firmwareprecision_3561inspiron_7580vostro_5390_firmwareinspiron_5770latitude_3580vostro_5300precision_5820_tower_firmwareinspiron_3493_firmwarelatitude_3190_2-in-1_firmwarevostro_5301xps_15_9510inspiron_5480_firmwareinspiron_3590latitude_7210_2-in-1optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarealienware_m15_r6_firmwareoptiplex_5270_all-in-oneinspiron_5410_2-in-1optiplex_xe3vostro_3584precision_5510latitude_3301_firmwareinspiron_7370vostro_3481_firmwarelatitude_5491latitude_9520_firmwareprecision_5560_firmwarevostro_5468_firmwarevostro_3690_firmwareoptiplex_7040inspiron_7386latitude_5520_firmwareoptiplex_5090optiplex_5480_all-in-oneinspiron_5591_2-in-1_firmwarelatitude_7280latitude_5400latitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwareprecision_3551vostro_5491precision_5820_towerprecision_7730inspiron_7380precision_3640_tower_firmwareinspiron_7610latitude_7275_2-in-1_firmwarevostro_5301_firmwareg7_17_7790vostro_5890embedded_box_pc_3000inspiron_5400_2-in-1latitude_7285inspiron_7570_firmwarelatitude_5400_firmwareinspiron_7610_firmwareoptiplex_7770_all-in-one_firmwareinspiron_5400_2-in-1_firmwareinspiron_7391vostro_3671_firmwareprecision_3440vostro_5402optiplex_7090_ultrag5_5000_firmwareoptiplex_7470_all-in-oneoptiplex_7460_firmwareoptiplex_5250_firmwareinspiron_3576inspiron_3671_firmwareinspiron_7500_2-in-1_firmwareinspiron_5510_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwarelatitude_7214inspiron_3781vostro_3690inspiron_3576_firmwareinspiron_5300_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareoptiplex_7490_all-in-onevostro_7500inspiron_7590_firmwareinspiron_7791_firmwarevostro_3568_firmwareprecision_7740_firmwareinspiron_15_3567latitude_7389vostro_3681inspiron_5570_firmwareprecision_7920_towerlatitude_7400_2-in-1_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwarelatitude_3510_firmwareinspiron_3470_firmwareinspiron_3593optiplex_7070_ultrainspiron_5370precision_7740xps_13_9365inspiron_3481_firmwareprecision_5530latitude_7275_2-in-1latitude_7310_firmwareoptiplex_7440_aioinspiron_15_5579_firmwareinspiron_7306_2-in-1xps_13_9310_firmwareinspiron_3790_firmwarelatitude_9510optiplex_3280_all-in-oneinspiron_5770_firmwareinspiron_7586_firmwareprecision_5760_firmwarelatitude_3180_firmwarevostro_3681_firmwarevostro_3580_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwarevostro_5890_firmwareinspiron_3910_firmwareinspiron_5406_2-in-1optiplex_5490_aio_firmwareprecision_7760_firmwarelatitude_3490_firmwarelatitude_5300_2-in-1_firmwareinspiron_3511vostro_3668xps_13_9305_firmwareinspiron_5410latitude_7280_firmwarevostro_5502vostro_3670edge_gateway_3000latitude_5280latitude_5179_firmwareoptiplex_7780_all-in-oneinspiron_5490inspiron_15_5578inspiron_3501_firmwarelatitude_5300_firmwarewyse_7040_thin_client_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareprecision_3930_rackprecision_7550vostro_3490inspiron_5391g5_15_5590_firmwareinspiron_5598latitude_5320_firmwarexps_7590_firmwareoptiplex_3080latitude_3480precision_5750latitude_rugged_5430vostro_3671inspiron_7591latitude_7310inspiron_7790latitude_5421_firmwareinspiron_7500inspiron_7790_firmwareg15_5511latitude_3379precision_5760vostro_3584_firmwareoptiplex_7480_all-in-onechengming_3990_firmwarevostro_3478_firmwareprecision_3520_firmwareinspiron_5594_firmwarechengming_3980precision_3551_firmwareoptiplex_7070_ultra_firmwareinspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareoptiplex_7060latitude_5290_firmwarelatitude_7424_rugged_extremeinspiron_13_5379_firmwareoptiplex_7480_all-in-one_firmwareg5_5090_firmwareoptiplex_3240_all-in-one_firmwarelatitude_7390vostro_3500g3_15_3590latitude_3390_firmwareprecision_3240_compactinspiron_14_3476precision_7750_firmwarelatitude_3520_firmwarelatitude_5285_2-in-1_firmwareinspiron_5490_aiovostro_3401chengming_3991_firmwarevostro_3480_firmwarevostro_7590_firmwareprecision_3510_firmwareinspiron_7400inspiron_7370_firmwareprecision_3650_tower_firmwarelatitude_7389_firmwareinspiron_7500_2-in-1optiplex_7470_all-in-one_firmwarevostro_3510latitude_e7470precision_3630_tower_firmwareoptiplex_5040_firmwarexps_13_9310_2-in-1inspiron_3581inspiron_13_7378vostro_5568inspiron_5400_firmwareinspiron_15_5566_firmwarelatitude_5424_ruggedlatitude_5488_firmwareinspiron_5583inspiron_7500_firmwareprecision_3541_firmwareinspiron_5591_2-in-1g5_5500g5_15_5587_firmwareinspiron_15_7572inspiron_7506_2-in-1vostro_5568_firmwareg7_7500precision_3650_towerinspiron_7373latitude_7200_2-in-1latitude_5511_firmwarevostro_3490_firmwarevostro_3881_firmwareoptiplex_7040_firmwareinspiron_5493precision_3550inspiron_3891_firmwarelatitude_7370_firmwarelatitude_7370optiplex_3090_ultra_firmwarelatitude_7420_firmwareoptiplex_5070_firmwareinspiron_5501vostro_5501_firmwarelatitude_3310_2-in-1inspiron_5390_firmwareoptiplex_3090_ultralatitude_5490vostro_3070_firmwareinspiron_7390_firmwarexps_7590latitude_3190_2-in-1optiplex_7071edge_gateway_5000vostro_3481inspiron_3891inspiron_7786vostro_5310xps_13_9305latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwarelatitude_3180inspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwarelatitude_5300_2-in-1latitude_7424_rugged_extreme_firmwarelatitude_e5470optiplex_7090_firmwareoptiplex_3070_firmwareg15_5511_firmwarelatitude_7410_firmwarevostro_3667latitude_e7470_firmwareoptiplex_5260_all-in-oneprecision_7720_firmwarelatitude_5310_2-in-1vostro_3910inspiron_5491_aioinspiron_13_5378inspiron_3780inspiron_7380_firmwareg5_5500_firmwarelatitude_rugged_7330_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwarelatitude_3400_firmwarevostro_3890latitude_3510precision_3560_firmwareinspiron_5584precision_3520inspiron_17_7773_firmwareinspiron_7573_firmwarelatitude_5495_firmwarelatitude_e5570vostro_5401_firmwareinspiron_3880_firmwareinspiron_5310_firmwareinspiron_5501_firmwareg5_5090optiplex_3050precision_7820_tower_firmwareoptiplex_5055optiplex_5080_firmwarelatitude_e5270_firmwareinspiron_5493_firmwarevostro_3471xps_17_9700_firmwareinspiron_3480_firmwareoptiplex_5060_firmwarevostro_3590vostro_5390vostro_3578vostro_5590_firmwarelatitude_3470_firmwareprecision_7530_firmwareinspiron_3790vostro_3583_firmwareinspiron_15_5566latitude_3190_firmwareinspiron_5494xps_15_9500latitude_5500inspiron_15_5582inspiron_5508_firmwareprecision_7550_firmwarelatitude_3500_firmwarechengming_3991latitude_5288_firmwareinspiron_7501_firmwareinspiron_5480optiplex_7760_aio_firmwareg15_5510_firmwarevostro_7510_firmwarelatitude_5290_2-in-1_firmwareinspiron_3471_firmwarevostro_3669_firmwarevostro_7510inspiron_7791latitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590vostro_3501precision_3450_firmwareinspiron_7472_firmwarechengming_3990inspiron_5301vostro_3583latitude_5491_firmwarevostro_5880_firmwarexps_17_9710inspiron_3493precision_5750_firmwarelatitude_7214_firmwarexps_13_9365_firmwareoptiplex_3060optiplex_5060latitude_5285_2-in-1chengming_3988_firmwareinspiron_5482_firmwarelatitude_3410_firmwarelatitude_5520inspiron_7510vostro_5481wyse_5470_all-in-oneinspiron_7400_firmwareprecision_3530_firmwarelatitude_3320inspiron_5583_firmwarexps_13_9310_2-in-1_firmwarelatitude_5580_firmwarelatitude_3189inspiron_5410_2-in-1_firmwarexps_15_9575_2-in-1_firmwarevostro_3580precision_7750inspiron_7472latitude_5175inspiron_14_3467_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarelatitude_3320_firmwareinspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080vostro_3578_firmwareg15_5510vostro_7500_firmwarelatitude_5480inspiron_5310vostro_5510_firmwarevostro_5471_firmwareinspiron_14_3476_firmwareoptiplex_3046vostro_3468_firmwarelatitude_5414_rugged_firmwarelatitude_5424_rugged_firmwarelatitude_rugged_7330inspiron_15_5582_firmwarelatitude_7300_firmwarelatitude_5421latitude_9420_firmwarelatitude_5510g7_17_7700inspiron_5401_aio_firmwarevostro_5300_firmwarewyse_5470optiplex_5090_firmwarevostro_3501_firmwareinspiron_3593_firmwareoptiplex_7780_all-in-one_firmwarevostro_3710_firmwareinspiron_5481inspiron_5494_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwarexps_27_7760inspiron_7786_firmwarelatitude_3310_2-in-1_firmwareinspiron_15_5579latitude_5320latitude_7410inspiron_3590_firmwarelatitude_5501_firmwarexps_27_7760_firmwareoptiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411precision_7760optiplex_7450_firmwareinspiron_7306_2-in-1_firmwareoptiplex_7450vostro_3500_firmwareoptiplex_3050_aio_firmwareinspiron_15_3567_firmwareg3_3579_firmwarelatitude_7320_detachableinspiron_5509latitude_3480_firmwarelatitude_3189_firmwarelatitude_9520xps_13_9360_firmwarevostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498optiplex_7440_aio_firmwarelatitude_7420inspiron_7591_firmwarelatitude_5290inspiron_5300inspiron_7706_2-in-1inspiron_5508latitude_5289_firmwareprecision_5550_firmwarechengming_3980_firmwareinspiron_5491_2-in-1g7_7500_firmwarelatitude_3120_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwareinspiron_5590vostro_5481_firmwarevostro_5490inspiron_5301_firmwarevostro_3267inspiron_14_3467g3_15_3590_firmwareinspiron_3671inspiron_5408_firmwareinspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_3480latitude_7520_firmwarelatitude_3490precision_3930_rack_firmwarevostro_3710inspiron_3670latitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwareinspiron_7390precision_3430_tower_firmwareprecision_7560_firmwarelatitude_3300_firmwarevostro_5471latitude_7400_2-in-1precision_3640_towervostro_5510inspiron_3490vostro_5581latitude_7210_2-in-1_firmwarelatitude_rugged_5430_firmwarexps_13_9310latitude_5510_firmwarevostro_3510_firmwareinspiron_3670_firmwarevostro_15_7570inspiron_5410_firmwarelatitude_7212_rugged_extreme_tabletlatitude_e5570_firmwareinspiron_5408latitude_7220_rugged_extreme_tablet_firmwarevostro_5410_firmwarevostro_5502_firmwareprecision_3540_firmwareoptiplex_3046_firmwarelatitude_3380latitude_5289g3_3500_firmwareprecision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3080_firmwarelatitude_3410precision_5510_firmwarevostro_5402_firmwareprecision_3420_towerg5_15_5590optiplex_7490_all-in-one_firmwareinspiron_3881xps_13_9380latitude_7220ex_rugged_extreme_tabletlatitude_7414_rugged_extremeprecision_3420_tower_firmwarelatitude_5490_firmwarelatitude_5591_firmwareinspiron_3501latitude_5310_firmwarelatitude_3500vostro_3070inspiron_3793precision_3430_towerinspiron_5481_firmwarealienware_m15_r6precision_5520_firmwarevostro_3890_firmwareoptiplex_5490_aiochengming_3988xps_15_7590latitude_3300latitude_5580precision_3620_tower_firmwareinspiron_5584_firmwareedge_gateway_3000_firmwareprecision_5540_firmwareinspiron_5401_firmwareinspiron_7573vostro_5501vostro_5590xps_8940_firmwarelatitude_7320_firmwarelatitude_3120vostro_3480precision_3560inspiron_5401_aiooptiplex_5260_all-in-one_firmwareinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareprecision_3630_towerlatitude_3580_firmwareinspiron_5598_firmwarevostro_3470latitude_5414_ruggedoptiplex_3070inspiron_13_7378_firmwareoptiplex_3040vostro_3910_firmwarelatitude_7290_firmwareprecision_7530inspiron_5370_firmwareinspiron_5391_firmwareinspiron_5502_firmwareoptiplex_7460xps_15_7590_firmwareembedded_box_pc_5000_firmwareoptiplex_7050inspiron_3490_firmwareinspiron_5409_firmwareprecision_3510xps_13_9380_firmwareinspiron_13_5379inspiron_5390latitude_5288latitude_7490optiplex_7060_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwareinspiron_5401optiplex_5250vostro_3667_firmwareprecision_7920_tower_firmwarevostro_5591_firmwarevostro_15_7570_firmwareCPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2002-0507
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.46% / 80.03%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

Action-Not Available
Vendor-n/aRSA Security LLCMicrosoft Corporation
Product-exchange_serversecuridn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-24422
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-47.94% / 97.64%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9Integrated Dell Remote Access Controller 9
CWE ID-CWE-287
Improper Authentication
CVE-2022-23156
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.59%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_device_agentDell Wyse Device Agent
CWE ID-CWE-287
Improper Authentication
CVE-2021-36350
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 59.37%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-287
Improper Authentication
CVE-2021-36346
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-1.22% / 78.19%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 22:15
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.

Action-Not Available
Vendor-Dell Inc.
Product-integrated_dell_remote_access_controller_8_firmwareintegrated_dell_remote_access_controller_8Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-287
Improper Authentication
CVE-2021-36308
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2021-21538
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-1.55% / 80.70%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 15:55
Updated-17 Sep, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-287
Improper Authentication
CVE-2021-21502
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.36%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 21:25
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-287
Improper Authentication
CVE-2019-3758
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.48%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 22:23
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.

Action-Not Available
Vendor-Dell Inc.RSA Security LLC
Product-archerRSA Archer
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-28073
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.01% / 0.85%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:42
Updated-04 Dec, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5530precision_3570_firmwarelatitude_5530_firmwareprecision_3570CPG BIOS
CWE ID-CWE-287
Improper Authentication
CVE-2017-14377
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-3.59% / 87.30%
||
7 Day CHG~0.00%
Published-29 Nov, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-authentication_agent_for_webRSA Authentication Agent for Web for Apache Web Server RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618
CWE ID-CWE-287
Improper Authentication
CVE-2023-44302
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-5.08% / 89.40%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:44
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_manager_dm5500_firmwarepowerprotect_data_manager_dm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-287
Improper Authentication
CVE-2022-34372
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 18:45
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_cyber_recoveryCyber Recovery
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2022-34380
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.3||CRITICAL
EPSS-0.01% / 0.64%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 18:45
Updated-16 Sep, 2024 | 23:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-287
Improper Authentication
CVE-2022-34379
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.4||CRITICAL
EPSS-0.19% / 40.98%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 18:45
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.

Action-Not Available
Vendor-Dell Inc.
Product-cloudlinkCloudLink
CWE ID-CWE-287
Improper Authentication
CVE-2025-26475
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.21%
||
7 Day CHG+0.01%
Published-19 Mar, 2025 | 15:13
Updated-20 May, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway (SCG) 5.0 Appliance - SRS
CWE ID-CWE-287
Improper Authentication
CVE-2025-22477
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.12% / 31.33%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:03
Updated-13 May, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-287
Improper Authentication
CVE-2021-36306
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-287
Improper Authentication
CVE-2021-21513
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 16:00
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-287
Improper Authentication
CVE-2021-21564
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.06%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CVE-2021-21544
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.21% / 43.94%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 20:55
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareIntegrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-287
Improper Authentication
CVE-2019-1664
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.1||HIGH
EPSS-0.40% / 59.78%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 19:00
Updated-20 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco HyperFlex Software Unauthenticated Root Access Vulnerability

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-hyperflex_hx_data_platformCisco HyperFlex HX-Series
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2013-2120
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-0.06% / 19.66%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 19:03
Updated-06 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.

Action-Not Available
Vendor-n/aKDE
Product-paste_appletKDE Paste Applet
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found