Vulnerability Details CVE-2020-5348
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.1%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
Products affected by CVE-2020-5348
-
cpe:2.3:h:dell:latitude_7202:-
-
cpe:2.3:o:dell:latitude_7202_firmware:-
-
cpe:2.3:o:dell:latitude_7202_firmware:a03
-
cpe:2.3:o:dell:latitude_7202_firmware:a05
-
cpe:2.3:o:dell:latitude_7202_firmware:a06
-
cpe:2.3:o:dell:latitude_7202_firmware:a12
-
cpe:2.3:o:dell:latitude_7202_firmware:a13
-
cpe:2.3:o:dell:latitude_7202_firmware:a15
-
cpe:2.3:o:dell:latitude_7202_firmware:a16
-
cpe:2.3:o:dell:latitude_7202_firmware:a19
-
cpe:2.3:o:dell:latitude_7202_firmware:a22
-
cpe:2.3:o:dell:latitude_7202_firmware:a23
-
cpe:2.3:o:dell:latitude_7202_firmware:a24
-
cpe:2.3:o:dell:latitude_7202_firmware:a27