Lucene search

[email protected]NVD:CVE-2020-5376

HistorySep 02, 2020 - 9:15 p.m.

CVE-2020-5376

2020-09-0221:15:12

CWE-416

[email protected]

web.nvd.nist.gov

dell inspiron 7347

bios

uefi

vulnerability

system memory

arbitrary code

smm

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.9%

JSON

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

Affected configurations

Nvd

Node

dellinspiron_7347_biosRange<a13

AND

dellinspiron_7347Match-

VendorProductVersionCPE
dellinspiron_7347_bios*cpe:2.3:o:dell:inspiron_7347_bios:*:*:*:*:*:*:*:*
dellinspiron_7347-cpe:2.3:h:dell:inspiron_7347:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	inspiron_7347_bios	*	cpe:2.3:o:dell:inspiron_7347_bios::::::::
dell	inspiron_7347	-	cpe:2.3:h:dell:inspiron_7347:-:::::::*

References

www.dell.com/support/article/SLN322616

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.9%

JSON

Related for NVD:CVE-2020-5376

cve1 prion1 cvelist1