CVE-2020-5357

Published: 28/05/2020 Updated: 29/05/2020
CVSS v2 Base Score: 2.6 | Impact Score: 4.9 | Exploitability Score: 1.9
CVSS v3 Base Score: 6 | Impact Score: 5.2 | Exploitability Score: 0.8
VMScore: 231
CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P

Vulnerability Summary

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Vulnerable Product

dell dock_wd15_firmware

dell dock_wd19_firmware

dell thunderbolt_dock_tb16_firmware

dell precision_dual_usb-c_thunderbolt_dock_-_tb18dc_firmware