Dell Client Platform Security update for Intel Ethernet I210 Controller driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2020-0522 CVE-2020-0523 CVE-2020-0524 CVE-2020-0525 |
| CWE-ID | CWE-665 CWE-284 CWE-276 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Precision 7920 Hardware solutions / Other hardware appliances Precision 7820 Hardware solutions / Other hardware appliances Precision 5820 Hardware solutions / Other hardware appliances Precision 3930 Hardware solutions / Other hardware appliances Precision 3640 XE Hardware solutions / Other hardware appliances Precision 3630 XL Hardware solutions / Other hardware appliances Precision 3630 Hardware solutions / Other hardware appliances Precision 3431 Hardware solutions / Other hardware appliances Precision 3430 XL Hardware solutions / Other hardware appliances Precision 3240 Compact Hardware solutions / Other hardware appliances OptiPlex XE3 Hardware solutions / Other hardware appliances OptiPlex 7071 Hardware solutions / Other hardware appliances OptiPlex 7070 Hardware solutions / Other hardware appliances OptiPlex 7060 Hardware solutions / Other hardware appliances Embedded Box PC 5000 Hardware solutions / Other hardware appliances Embedded Box PC 3000 Hardware solutions / Other hardware appliances Precision 3640 Hardware solutions / Firmware Precision 3440 Hardware solutions / Firmware OptiPlex 7080 Hardware solutions / Firmware ChengMing 3991 Hardware solutions / Firmware ChengMing 3990 Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper Initialization
EUVDB-ID: #VU50576
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-0522
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can run a specially crafted application to crash the system.
Install update from vendor's website.
Vulnerable software versionsPrecision 7920: All versions
Precision 7820: All versions
Precision 5820: All versions
Precision 3930: All versions
Precision 3640 XE: All versions
Precision 3630 XL: All versions
Precision 3630: All versions
Precision 3431: All versions
Precision 3430 XL: All versions
Precision 3240 Compact: All versions
OptiPlex XE3: All versions
OptiPlex 7071: All versions
OptiPlex 7070: All versions
OptiPlex 7060: All versions
Embedded Box PC 5000: All versions
Embedded Box PC 3000: All versions
Precision 3640: All versions
Precision 3440: All versions
OptiPlex 7080: All versions
ChengMing 3991: All versions
ChengMing 3990: All versions
CPE2.3- cpe:2.3:h:dell:precision_7920:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7820:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_5820:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3930:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640_xe:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_xl:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3431:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3430_xl:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3240_compact:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_xe3:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7071:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:embedded_box_pc_5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:embedded_box_pc_3000:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3440:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:chengming_3991:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:chengming_3990:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU50577
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-0523
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local privileged user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsPrecision 7920: All versions
Precision 7820: All versions
Precision 5820: All versions
Precision 3930: All versions
Precision 3640 XE: All versions
Precision 3630 XL: All versions
Precision 3630: All versions
Precision 3431: All versions
Precision 3430 XL: All versions
Precision 3240 Compact: All versions
OptiPlex XE3: All versions
OptiPlex 7071: All versions
OptiPlex 7070: All versions
OptiPlex 7060: All versions
Embedded Box PC 5000: All versions
Embedded Box PC 3000: All versions
Precision 3640: All versions
Precision 3440: All versions
OptiPlex 7080: All versions
ChengMing 3991: All versions
ChengMing 3990: All versions
CPE2.3- cpe:2.3:h:dell:precision_7920:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7820:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_5820:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3930:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640_xe:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_xl:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3431:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3430_xl:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3240_compact:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_xe3:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7071:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:embedded_box_pc_5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:embedded_box_pc_3000:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3440:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:chengming_3991:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:chengming_3990:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect default permissions
EUVDB-ID: #VU50578
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-0524
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to incorrect default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsPrecision 7920: All versions
Precision 7820: All versions
Precision 5820: All versions
Precision 3930: All versions
Precision 3640 XE: All versions
Precision 3630 XL: All versions
Precision 3630: All versions
Precision 3431: All versions
Precision 3430 XL: All versions
Precision 3240 Compact: All versions
OptiPlex XE3: All versions
OptiPlex 7071: All versions
OptiPlex 7070: All versions
OptiPlex 7060: All versions
Embedded Box PC 5000: All versions
Embedded Box PC 3000: All versions
Precision 3640: All versions
Precision 3440: All versions
OptiPlex 7080: All versions
ChengMing 3991: All versions
ChengMing 3990: All versions
CPE2.3- cpe:2.3:h:dell:precision_7920:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7820:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_5820:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3930:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640_xe:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_xl:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3431:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3430_xl:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3240_compact:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_xe3:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7071:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:embedded_box_pc_5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:embedded_box_pc_3000:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3440:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:chengming_3991:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:chengming_3990:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU50579
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-0525
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters. A local user can bypass implemented security restrictions and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsPrecision 7920: All versions
Precision 7820: All versions
Precision 5820: All versions
Precision 3930: All versions
Precision 3640 XE: All versions
Precision 3630 XL: All versions
Precision 3630: All versions
Precision 3431: All versions
Precision 3430 XL: All versions
Precision 3240 Compact: All versions
OptiPlex XE3: All versions
OptiPlex 7071: All versions
OptiPlex 7070: All versions
OptiPlex 7060: All versions
Embedded Box PC 5000: All versions
Embedded Box PC 3000: All versions
Precision 3640: All versions
Precision 3440: All versions
OptiPlex 7080: All versions
ChengMing 3991: All versions
ChengMing 3990: All versions
CPE2.3- cpe:2.3:h:dell:precision_7920:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_7820:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_5820:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3930:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640_xe:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630_xl:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3630:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3431:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3430_xl:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3240_compact:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_xe3:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7071:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7070:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7060:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:embedded_box_pc_5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:embedded_box_pc_3000:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:precision_3440:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:optiplex_7080:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:chengming_3991:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:chengming_3990:*:*:*:*:*:*:*:*
https://www.dell.com/support/kbdoc/fr-fr/printview/000195887/10/en
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
