Cloud Defense Logo

Products

Solutions

Company

CVE-2020-5378 : Security Advisory and Response

Discover the Dell G7 17 7790 BIOS vulnerability (CVE-2020-5378) allowing local attackers to execute arbitrary code. Learn about impacts, affected systems, and mitigation steps.

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability that could allow a local attacker to execute arbitrary code in System Management Mode (SMM).

Understanding CVE-2020-5378

This CVE involves a vulnerability in Dell's CPG BIOS affecting versions below 1.13.0.

What is CVE-2020-5378?

The vulnerability allows a local attacker to exploit the UEFI BIOS Boot Services overwrite flaw to execute arbitrary code in SMM.

The Impact of CVE-2020-5378

The vulnerability has a CVSS base score of 6.8, with high impacts on confidentiality, integrity, and availability.

Technical Details of CVE-2020-5378

Dive into the specifics of this vulnerability.

Vulnerability Description

The issue arises from a UEFI BIOS Boot Services overwrite vulnerability in Dell G7 17 7790 BIOS versions prior to 1.13.2.

Affected Systems and Versions

        Product: CPG BIOS
        Vendor: Dell
        Versions Affected: < 1.13.0 (unspecified/custom)

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Physical
        Privileges Required: None
        Scope: Unchanged
        User Interaction: None
        Vector String: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Mitigation and Prevention

Learn how to mitigate the risks associated with CVE-2020-5378.

Immediate Steps to Take

        Update BIOS to version 1.13.2 or later to patch the vulnerability.
        Monitor system memory access to detect any unauthorized activities.

Long-Term Security Practices

        Implement strict access controls to prevent unauthorized access to system memory.
        Regularly check for BIOS updates and apply them promptly.
        Conduct security audits to identify and address potential vulnerabilities.

Patching and Updates

        Dell has released BIOS version 1.13.2 to address this vulnerability. Ensure all affected systems are updated to this version.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now