Skip to main content

Chengming 3980 Firmware CVE-2020-5326

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2020-02-21 security_alert@emc.com
Dell Intel Authentication Bypass Chengming 3980 Firmware G3 3579 Firmware G3 3590 Firmware G3 3779 Firmware G5 5587 Firmware G5 5590 Firmware G7 7588 Firmware G7 7590 Firmware G7 7790 Firmware Embedded Box Pc 5000 Firmware Inspiron 14 Gaming 7466 Firmware Inspiron 14 Gaming 7467 Firmware Inspiron 15 7572 Firmware Inspiron 15 Gaming 7566 Firmware Inspiron 15 Gaming 7567 Firmware Inspiron 15 Gaming 7577 Firmware Inspiron 3470 Firmware Inspiron 3480 Firmware Inspiron 3481 Firmware Inspiron 3580 Firmware Inspiron 3581 Firmware Inspiron 3583 Firmware Inspiron 3584 Firmware Inspiron 3670 Firmware Inspiron 3780 Firmware Inspiron 3781 Firmware Inspiron 5370 Firmware Inspiron 5480 Firmware Inspiron 5481 Firmware Inspiron 5482 Firmware Inspiron 5488 Firmware Inspiron 5570 Firmware Inspiron 5580 Firmware Inspiron 5582 Firmware Inspiron 5770 Firmware Inspiron 7380 Firmware Inspiron 7386 Firmware Inspiron 7472 Firmware Inspiron 7580 Firmware Inspiron 7586 Firmware Inspiron 7590 Firmware Inspiron 7591 Firmware Inspiron 7786 Firmware Latitude 3300 Firmware Latitude 3460 Firmware Latitude 3480 Firmware Latitude 3490 Firmware Latitude 3580 Firmware Latitude 3590 Firmware Latitude 5175 Firmware Latitude 5179 Firmware Latitude 5280 Firmware Latitude 5288 Firmware Latitude 5289 Firmware Latitude 5290 Firmware Latitude 5300 Firmware Latitude 5400 Firmware Latitude 5401 Firmware Latitude 5414 Firmware Latitude 5420 Rugged Firmware Latitude 5424 Rugged Firmware Latitude 5480 Firmware Latitude 5488 Firmware Latitude 5490 Firmware Latitude 5491 Firmware Latitude 5500 Firmware Latitude 5501 Firmware Latitude 5580 Firmware Latitude 5590 Firmware Latitude 5591 Firmware Latitude 7202 Firmware Latitude 7212 Firmware Latitude 7214 Firmware Latitude 7275 Firmware Latitude 7280 Firmware Latitude 7285 Firmware Latitude 7290 Firmware Latitude 7300 Firmware Latitude 7370 Firmware Latitude 7380 Firmware Latitude 7389 Firmware Latitude 7390 Firmware Latitude 7400 Firmware Latitude 7414 Firmware Latitude 7424 Rugged Extreme Firmware Latitude 7480 Firmware Latitude 7490 Firmware Latitude E5270 Firmware Latitude E5470 Firmware Latitude E5570 Firmware Latitude E7270 Firmware Latitude E7470 Firmware Optiplex 3040 Firmware Optiplex 3046 Firmware Optiplex 3050 Firmware Optiplex 3060 Firmware Optiplex 3070 Firmware Optiplex 3240 Firmware Optiplex 5040 Firmware Optiplex 5050 Firmware Optiplex 5060 Firmware Optiplex 5070 Firmware Optiplex 5250 Firmware Optiplex 5260 Firmware Optiplex 7040 Firmware Optiplex 7050 Firmware Optiplex 7060 Firmware Optiplex 7070 Firmware Optiplex 7440 Firmware Optiplex 7450 Firmware Optiplex 7460 Firmware Optiplex 7760 Firmware Optiplex 5270 Firmware Optiplex 7470 Firmware Optiplex 7770 Firmware Optiplex Xe3 Firmware Precision 3420 Firmware Precision 3430 Firmware Precision 3510 Firmware Precision 3520 Firmware Precision 3530 Firmware Precision 3540 Firmware Precision 3541 Firmware Precision 3620 Firmware Precision 3630 Firmware Precision 3930 Firmware Precision 5510 Firmware Precision 5520 Firmware Precision 5530 Firmware Precision 5720 Firmware Precision 5810 Firmware Precision 5820 Firmware Precision 7510 Firmware Precision 7520 Firmware Precision 7530 Firmware Precision 7540 Firmware Precision 7710 Firmware Precision 7720 Firmware Precision 7730 Firmware Precision 7740 Firmware Precision 7810 Firmware Precision 7820 Firmware Precision 7910 Firmware Precision 7920 Firmware Precision 3431 Firmware Vostro 7580 Firmware Vostro 15 7570 Firmware Vostro 3070 Firmware Vostro 3470 Firmware Vostro 3480 Firmware Vostro 3481 Firmware Vostro 3580 Firmware Vostro 3581 Firmware Vostro 3583 Firmware Vostro 3584 Firmware Vostro 3670 Firmware Vostro 5370 Firmware Vostro 5471 Firmware Vostro 5481 Firmware Vostro 5581 Firmware Vostro 7590 Firmware Wyse 5070 Firmware Wyse 7040 Firmware Xps 12 9250 Firmware Xps 13 9343 Firmware Xps 13 9350 Firmware Xps 13 9360 Firmware Xps 13 9380 Firmware Xps 15 9550 Firmware Xps 15 9560 Firmware Xps 15 9575 Firmware Xps 15 9570 Firmware Xps 27 7760 Firmware Xps 8900 Firmware
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 21, 2020 - 15:15 nvd
MEDIUM 5.3

DescriptionNVD

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.

AnalysisAI

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. Affected products include: Dell Chengming 3980 Firmware, Dell G3 3579 Firmware, Dell G3 3590 Firmware, Dell G3 3779 Firmware, Dell G5 5587 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

CVE-2022-32493 HIGH
7.8 Oct 12

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2022-32491 HIGH
7.8 Oct 12

Dell Client BIOS contains a Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low att

CVE-2022-32489 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32488 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32487 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-32485 HIGH
7.8 Oct 12

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low

CVE-2022-26861 HIGH
7.8 Sep 06

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. Rated high severity (CVSS 7.8), this vulner

CVE-2022-26860 HIGH
7.8 Sep 06

Dell BIOS versions contain a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerabili

CVE-2022-26858 HIGH
7.8 Sep 06

Dell BIOS versions contain an Improper Authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2022-26859 HIGH
7.0 Sep 06

Dell BIOS contains a race condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

CVE-2022-29083 MEDIUM
6.8 Aug 09

Prior Dell BIOS versions contain an Improper Authentication vulnerability. Rated medium severity (CVSS 6.8), this vulner

CVE-2019-3717 MEDIUM
6.8 Aug 05

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. Rated medium severity (CV

Share

CVE-2020-5326 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy