1. CVE-Search
  2. CVE-2020-5348
ID CVE-2020-5348
Summary Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
References
Vulnerable Configurations
  • cpe:2.3:o:dell:latitude_7202_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a03:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a03:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a05:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a05:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a06:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a06:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a12:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a12:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a13:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a13:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a15:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a15:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a16:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a16:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a19:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a19:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a22:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a22:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a24:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a24:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:latitude_7202_firmware:a27:*:*:*:*:*:*:*
    cpe:2.3:o:dell:latitude_7202_firmware:a27:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:latitude_7202:-:*:*:*:*:*:*:*
    cpe:2.3:h:dell:latitude_7202:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 06-04-2020 - 18:13)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
misc https://www.dell.com/support/article/SLN320792
Last major update 06-04-2020 - 18:13
Published 04-04-2020 - 00:15
Last modified 06-04-2020 - 18:13
Back to Top