Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU50576
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0522
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can run a specially crafted application to crash the system.
Install update from vendor's website.
Vulnerable software versionsPrecision 7920: All versions
Precision 7820: All versions
Precision 5820: All versions
Precision 3930: All versions
Precision 3640 XE: All versions
Precision 3630 XL: All versions
Precision 3630: All versions
Precision 3431: All versions
Precision 3430 XL: All versions
Precision 3240 Compact: All versions
OptiPlex XE3: All versions
OptiPlex 7071: All versions
OptiPlex 7070: All versions
OptiPlex 7060: All versions
Embedded Box PC 5000: All versions
Embedded Box PC 3000: All versions
Precision 3640: All versions
Precision 3440: All versions
OptiPlex 7080: All versions
ChengMing 3991: All versions
ChengMing 3990: All versions
External linkshttp://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50577
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0523
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local privileged user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPrecision 7920: All versions
Precision 7820: All versions
Precision 5820: All versions
Precision 3930: All versions
Precision 3640 XE: All versions
Precision 3630 XL: All versions
Precision 3630: All versions
Precision 3431: All versions
Precision 3430 XL: All versions
Precision 3240 Compact: All versions
OptiPlex XE3: All versions
OptiPlex 7071: All versions
OptiPlex 7070: All versions
OptiPlex 7060: All versions
Embedded Box PC 5000: All versions
Embedded Box PC 3000: All versions
Precision 3640: All versions
Precision 3440: All versions
OptiPlex 7080: All versions
ChengMing 3991: All versions
ChengMing 3990: All versions
External linkshttp://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50578
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0524
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to incorrect default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsPrecision 7920: All versions
Precision 7820: All versions
Precision 5820: All versions
Precision 3930: All versions
Precision 3640 XE: All versions
Precision 3630 XL: All versions
Precision 3630: All versions
Precision 3431: All versions
Precision 3430 XL: All versions
Precision 3240 Compact: All versions
OptiPlex XE3: All versions
OptiPlex 7071: All versions
OptiPlex 7070: All versions
OptiPlex 7060: All versions
Embedded Box PC 5000: All versions
Embedded Box PC 3000: All versions
Precision 3640: All versions
Precision 3440: All versions
OptiPlex 7080: All versions
ChengMing 3991: All versions
ChengMing 3990: All versions
External linkshttp://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50579
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-0525
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsPrecision 7920: All versions
Precision 7820: All versions
Precision 5820: All versions
Precision 3930: All versions
Precision 3640 XE: All versions
Precision 3630 XL: All versions
Precision 3630: All versions
Precision 3431: All versions
Precision 3430 XL: All versions
Precision 3240 Compact: All versions
OptiPlex XE3: All versions
OptiPlex 7071: All versions
OptiPlex 7070: All versions
OptiPlex 7060: All versions
Embedded Box PC 5000: All versions
Embedded Box PC 3000: All versions
Precision 3640: All versions
Precision 3440: All versions
OptiPlex 7080: All versions
ChengMing 3991: All versions
ChengMing 3990: All versions
External linkshttp://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.