Home
MEDIUM: 5.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NDefault status
unaffected
Any version before 1.26.0
affected
Default status
unaffected
Any version before 1.36.0
affected
Default status
unaffected
Any version before 1.32.0
affected
Default status
unaffected
Any version before 1.33.0
affected
Default status
unaffected
Any version before 2.40.0
affected
Default status
unaffected
Any version before 2.43.0
affected
Default status
unaffected
Any version before 1.51.0
affected
Default status
unaffected
Any version before 1.42.0
affected
Default status
unaffected
Any version before 1.42.0
affected
Default status
unaffected
Any version before 1.51.0
affected
Default status
unaffected
Any version before 1.42.0
affected
Default status
unaffected
Any version before 2.43.0
affected
Description
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Problem types
CWE-261: Weak Encoding for Password
Product status
Any version before 1.26.0
Any version before 1.36.0
Any version before 1.32.0
Any version before 1.33.0
Any version before 2.40.0
Any version before 2.43.0
Any version before 1.51.0
Any version before 1.42.0
Any version before 1.42.0
Any version before 1.51.0
Any version before 1.42.0
Any version before 2.43.0
Credits
Dell would like to thank Darren McDonald from AmberWolf and Craig S. Blackie from MDSec for reporting this issue.
References
www.dell.com/support/kbdoc/en-us/000453482/dsa-2026-197