Dell Client Platform Security update for Intel Ethernet I210 Controller driver



Published: 2022-02-02
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2020-0522
CVE-2020-0523
CVE-2020-0524
CVE-2020-0525
CWE-ID CWE-665
CWE-284
CWE-276
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Precision 7920
Hardware solutions / Other hardware appliances

Precision 7820
Hardware solutions / Other hardware appliances

Precision 5820
Hardware solutions / Other hardware appliances

Precision 3930
Hardware solutions / Other hardware appliances

Precision 3640 XE
Hardware solutions / Other hardware appliances

Precision 3630 XL
Hardware solutions / Other hardware appliances

Precision 3630
Hardware solutions / Other hardware appliances

Precision 3431
Hardware solutions / Other hardware appliances

Precision 3430 XL
Hardware solutions / Other hardware appliances

Precision 3240 Compact
Hardware solutions / Other hardware appliances

OptiPlex XE3
Hardware solutions / Other hardware appliances

OptiPlex 7071
Hardware solutions / Other hardware appliances

OptiPlex 7070
Hardware solutions / Other hardware appliances

OptiPlex 7060
Hardware solutions / Other hardware appliances

Embedded Box PC 5000
Hardware solutions / Other hardware appliances

Embedded Box PC 3000
Hardware solutions / Other hardware appliances

Precision 3640
Hardware solutions / Firmware

Precision 3440
Hardware solutions / Firmware

OptiPlex 7080
Hardware solutions / Firmware

ChengMing 3991
Hardware solutions / Firmware

ChengMing 3990
Hardware solutions / Firmware

Vendor Dell

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper Initialization

EUVDB-ID: #VU50576

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0522

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can run a specially crafted application to crash the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Precision 7920: All versions

Precision 7820: All versions

Precision 5820: All versions

Precision 3930: All versions

Precision 3640 XE: All versions

Precision 3630 XL: All versions

Precision 3630: All versions

Precision 3431: All versions

Precision 3430 XL: All versions

Precision 3240 Compact: All versions

OptiPlex XE3: All versions

OptiPlex 7071: All versions

OptiPlex 7070: All versions

OptiPlex 7060: All versions

Embedded Box PC 5000: All versions

Embedded Box PC 3000: All versions

Precision 3640: All versions

Precision 3440: All versions

OptiPlex 7080: All versions

ChengMing 3991: All versions

ChengMing 3990: All versions

External links

http://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU50577

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0523

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local privileged user can bypass implemented security restrictions and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Precision 7920: All versions

Precision 7820: All versions

Precision 5820: All versions

Precision 3930: All versions

Precision 3640 XE: All versions

Precision 3630 XL: All versions

Precision 3630: All versions

Precision 3431: All versions

Precision 3430 XL: All versions

Precision 3240 Compact: All versions

OptiPlex XE3: All versions

OptiPlex 7071: All versions

OptiPlex 7070: All versions

OptiPlex 7060: All versions

Embedded Box PC 5000: All versions

Embedded Box PC 3000: All versions

Precision 3640: All versions

Precision 3440: All versions

OptiPlex 7080: All versions

ChengMing 3991: All versions

ChengMing 3990: All versions

External links

http://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Incorrect default permissions

EUVDB-ID: #VU50578

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0524

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to incorrect default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Precision 7920: All versions

Precision 7820: All versions

Precision 5820: All versions

Precision 3930: All versions

Precision 3640 XE: All versions

Precision 3630 XL: All versions

Precision 3630: All versions

Precision 3431: All versions

Precision 3430 XL: All versions

Precision 3240 Compact: All versions

OptiPlex XE3: All versions

OptiPlex 7071: All versions

OptiPlex 7070: All versions

OptiPlex 7060: All versions

Embedded Box PC 5000: All versions

Embedded Box PC 3000: All versions

Precision 3640: All versions

Precision 3440: All versions

OptiPlex 7080: All versions

ChengMing 3991: All versions

ChengMing 3990: All versions

External links

http://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU50579

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0525

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Precision 7920: All versions

Precision 7820: All versions

Precision 5820: All versions

Precision 3930: All versions

Precision 3640 XE: All versions

Precision 3630 XL: All versions

Precision 3630: All versions

Precision 3431: All versions

Precision 3430 XL: All versions

Precision 3240 Compact: All versions

OptiPlex XE3: All versions

OptiPlex 7071: All versions

OptiPlex 7070: All versions

OptiPlex 7060: All versions

Embedded Box PC 5000: All versions

Embedded Box PC 3000: All versions

Precision 3640: All versions

Precision 3440: All versions

OptiPlex 7080: All versions

ChengMing 3991: All versions

ChengMing 3990: All versions

External links

http://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###