Skip to main content

G3 3579 Firmware CVE-2020-5324

MEDIUM
Uncontrolled Search Path Element (CWE-427)
2020-02-21 security_alert@emc.com
Dell Information Disclosure G3 3579 Firmware G3 3779 Firmware G3 15 3590 Firmware G5 15 5590 Firmware G5 5090 Firmware G5 5587 Firmware G7 15 7590 Firmware G7 17 7790 Firmware G7 7588 Firmware Inspiron 14 5490 Firmware Inspiron 3480 Firmware Inspiron 3481 Firmware Inspiron 3490 Firmware Inspiron 3493 Firmware Inspiron 3580 Firmware Inspiron 3581 Firmware Inspiron 3583 Firmware Inspiron 3584 Firmware Inspiron 3590 Firmware Inspiron 3593 Firmware Inspiron 3780 Firmware Inspiron 3781 Firmware Inspiron 3790 Firmware Inspiron 3793 Firmware Inspiron 5390 Firmware Inspiron 5391 Firmware Inspiron 5480 Firmware Inspiron 5481 Firmware Inspiron 5482 Firmware Inspiron 5491 Firmware Inspiron 5493 Firmware Inspiron 5494 Firmware Inspiron 5498 Firmware Inspiron 5580 Firmware Inspiron 5582 Firmware Inspiron 5583 Firmware Inspiron 5584 Firmware Inspiron 5590 Firmware Inspiron 5591 Firmware Inspiron 5593 Firmware Inspiron 5594 Firmware Inspiron 5598 Firmware Inspiron 7380 Firmware Inspiron 7386 Firmware Inspiron 7390 Firmware Inspiron 7391 Firmware Inspiron 7490 Firmware Inspiron 7580 Firmware Inspiron 7586 Firmware Inspiron 7590 Firmware Inspiron 7591 Firmware Inspiron 7786 Firmware Inspiron 7791 Firmware Latitude 3301 Firmware Latitude 3300 Firmware Latitude 3311 Firmware Latitude 3390 Firmware Latitude 3400 Firmware Latitude 3490 Firmware Latitude 3500 Firmware Latitude 3590 Firmware Latitude 5290 Firmware Latitude 5300 Firmware Latitude 5400 Firmware Latitude 5401 Firmware Latitude 5420 Rugged Firmware Latitude 5424 Rugged Firmware Latitude 5490 Firmware Latitude 5491 Firmware Latitude 5500 Firmware Latitude 5501 Firmware Latitude 5590 Firmware Latitude 5591 Firmware Latitude 7200 Firmware Latitude 7220 Rugged Extreme Tablet Firmware Latitude 7220Ex Rugged Extreme Tablet Firmware Latitude 7290 Firmware Latitude 7300 Firmware Latitude 7390 Firmware Latitude 7400 Firmware Latitude 7424 Rugged Extreme Firmware Latitude 7490 Firmware Precision 3530 Firmware Precision 3540 Firmware Precision 3541 Firmware Precision 5530 Firmware Precision 5540 Firmware Precision 7530 Firmware Precision 7540 Firmware Precision 7730 Firmware Precision 7740 Firmware Vostro 15 7580 Firmware Vostro 3480 Firmware Vostro 3481 Firmware Vostro 3490 Firmware Vostro 3580 Firmware Vostro 3581 Firmware Vostro 3583 Firmware Vostro 3584 Firmware Vostro 3590 Firmware Vostro 5390 Firmware Vostro 5391 Firmware Vostro 5481 Firmware Vostro 5490 Firmware Vostro 5581 Firmware Vostro 5590 Firmware Vostro 7590 Firmware Wyse 5070 Thin Client Firmware Wyse 5470 Firmware Xps 13 9380 Firmware Xps 15 9575 Firmware Xps 15 7590 Firmware Xps 15 9570 Firmware
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 21, 2020 - 15:15 nvd
MEDIUM 4.4

DescriptionNVD

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

AnalysisAI

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. Rated medium severity (CVSS 4.4). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-427. Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. Affected products include: Dell G3 3579 Firmware, Dell G3 3779 Firmware, Dell G3 15 3590 Firmware, Dell G5 15 5590 Firmware, Dell G5 5090 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-32493 HIGH
7.8 Oct 12

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2022-32491 HIGH
7.8 Oct 12

Dell Client BIOS contains a Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low att

CVE-2022-32489 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32488 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32487 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32485 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-26861 HIGH
7.8 Sep 06

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. Rated high severity (CVSS 7.8), this vulner

CVE-2022-26860 HIGH
7.8 Sep 06

Dell BIOS versions contain a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerabili

CVE-2022-26858 HIGH
7.8 Sep 06

Dell BIOS versions contain an Improper Authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2022-26859 HIGH
7.0 Sep 06

Dell BIOS contains a race condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

CVE-2022-29083 MEDIUM
6.8 Aug 09

Prior Dell BIOS versions contain an Improper Authentication vulnerability. Rated medium severity (CVSS 6.8), this vulner

CVE-2019-3717 MEDIUM
6.8 Aug 05

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. Rated medium severity (CV

Share

CVE-2020-5324 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy