CVE-2020-5326

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.

Published: 2020-02-21 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2020-5326 is rated Low Risk (34/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.35%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2020-5326

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.06% 0.35% +0.29%
2 2025-11-21 0.04% 0.06% +0.01%
3 2025-11-18 0.04%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2020-5326

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.1 3.1 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.9 4.7 [email protected]
5.3 3.1 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
0.9 4.0 [email protected]
2.1 2.0 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
3.9 2.9 [email protected]

Weakness enumeration for CVE-2020-5326

Affected software / configurations for CVE-2020-5326

Vendor Product Version Raw CPE
dell chengming_3980_firmware < 2.13.0 cpe:2.3:o:dell:chengming_3980_firmware:*:*:*:*:*:*:*:*
dell g3_3579_firmware < 1.10.0 cpe:2.3:o:dell:g3_3579_firmware:*:*:*:*:*:*:*:*
dell g3_3590_firmware < 1.4.3 cpe:2.3:o:dell:g3_3590_firmware:*:*:*:*:*:*:*:*
dell g3_3779_firmware < 1.10.0 cpe:2.3:o:dell:g3_3779_firmware:*:*:*:*:*:*:*:*
dell g5_5587_firmware < 1.11.1 cpe:2.3:o:dell:g5_5587_firmware:*:*:*:*:*:*:*:*
dell g5_5590_firmware < 1.8.0 cpe:2.3:o:dell:g5_5590_firmware:*:*:*:*:*:*:*:*
dell g7_7588_firmware < 1.11.1 cpe:2.3:o:dell:g7_7588_firmware:*:*:*:*:*:*:*:*
dell g7_7590_firmware < 1.8.0 cpe:2.3:o:dell:g7_7590_firmware:*:*:*:*:*:*:*:*
dell g7_7790_firmware < 1.8.0 cpe:2.3:o:dell:g7_7790_firmware:*:*:*:*:*:*:*:*
dell embedded_box_pc_5000_firmware < 1.6.0 cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:*
dell inspiron_14_gaming_7466_firmware < 1.5.0 cpe:2.3:o:dell:inspiron_14_gaming_7466_firmware:*:*:*:*:*:*:*:*
dell inspiron_14_gaming_7467_firmware < 1.10.0 cpe:2.3:o:dell:inspiron_14_gaming_7467_firmware:*:*:*:*:*:*:*:*
dell inspiron_15_7572_firmware < 1.2.1 cpe:2.3:o:dell:inspiron_15_7572_firmware:*:*:*:*:*:*:*:*
dell inspiron_15_gaming_7566_firmware < 1.5.0 cpe:2.3:o:dell:inspiron_15_gaming_7566_firmware:*:*:*:*:*:*:*:*
dell inspiron_15_gaming_7567_firmware < 1.10.0 cpe:2.3:o:dell:inspiron_15_gaming_7567_firmware:*:*:*:*:*:*:*:*
dell inspiron_15_gaming_7577_firmware < 1.8.0 cpe:2.3:o:dell:inspiron_15_gaming_7577_firmware:*:*:*:*:*:*:*:*
dell inspiron_3470_firmware < 2.13.0 cpe:2.3:o:dell:inspiron_3470_firmware:*:*:*:*:*:*:*:*
dell inspiron_3480_firmware < 1.5.1 cpe:2.3:o:dell:inspiron_3480_firmware:*:*:*:*:*:*:*:*
dell inspiron_3481_firmware < 1.4.0 cpe:2.3:o:dell:inspiron_3481_firmware:*:*:*:*:*:*:*:*
dell inspiron_3580_firmware < 1.5.1 cpe:2.3:o:dell:inspiron_3580_firmware:*:*:*:*:*:*:*:*
dell inspiron_3581_firmware < 1.4.0 cpe:2.3:o:dell:inspiron_3581_firmware:*:*:*:*:*:*:*:*
dell inspiron_3583_firmware < 1.5.1 cpe:2.3:o:dell:inspiron_3583_firmware:*:*:*:*:*:*:*:*
dell inspiron_3584_firmware < 1.4.0 cpe:2.3:o:dell:inspiron_3584_firmware:*:*:*:*:*:*:*:*
dell inspiron_3670_firmware < 2.13.0 cpe:2.3:o:dell:inspiron_3670_firmware:*:*:*:*:*:*:*:*
dell inspiron_3780_firmware < 1.5.1 cpe:2.3:o:dell:inspiron_3780_firmware:*:*:*:*:*:*:*:*
dell inspiron_3781_firmware < 1.4.0 cpe:2.3:o:dell:inspiron_3781_firmware:*:*:*:*:*:*:*:*
dell inspiron_5370_firmware < 1.12.0 cpe:2.3:o:dell:inspiron_5370_firmware:*:*:*:*:*:*:*:*
dell inspiron_5480_firmware < 2.4.0 cpe:2.3:o:dell:inspiron_5480_firmware:*:*:*:*:*:*:*:*
dell inspiron_5481_firmware < 2.4.0 cpe:2.3:o:dell:inspiron_5481_firmware:*:*:*:*:*:*:*:*
dell inspiron_5482_firmware < 2.4.0 cpe:2.3:o:dell:inspiron_5482_firmware:*:*:*:*:*:*:*:*
dell inspiron_5488_firmware < 2.4.0 cpe:2.3:o:dell:inspiron_5488_firmware:*:*:*:*:*:*:*:*
dell inspiron_5570_firmware < 1.2.3 cpe:2.3:o:dell:inspiron_5570_firmware:*:*:*:*:*:*:*:*
dell inspiron_5580_firmware < 2.4.0 cpe:2.3:o:dell:inspiron_5580_firmware:*:*:*:*:*:*:*:*
dell inspiron_5582_firmware < 2.4.0 cpe:2.3:o:dell:inspiron_5582_firmware:*:*:*:*:*:*:*:*
dell inspiron_5770_firmware < 1.2.3 cpe:2.3:o:dell:inspiron_5770_firmware:*:*:*:*:*:*:*:*
dell inspiron_7380_firmware < 1.8.0 cpe:2.3:o:dell:inspiron_7380_firmware:*:*:*:*:*:*:*:*
dell inspiron_7386_firmware < 1.5.0 cpe:2.3:o:dell:inspiron_7386_firmware:*:*:*:*:*:*:*:*
dell inspiron_7472_firmware < 1.2.1 cpe:2.3:o:dell:inspiron_7472_firmware:*:*:*:*:*:*:*:*
dell inspiron_7580_firmware < 1.8.0 cpe:2.3:o:dell:inspiron_7580_firmware:*:*:*:*:*:*:*:*
dell inspiron_7586_firmware < 1.5.0 cpe:2.3:o:dell:inspiron_7586_firmware:*:*:*:*:*:*:*:*
dell inspiron_7590_firmware < 1.1.1 cpe:2.3:o:dell:inspiron_7590_firmware:*:*:*:*:*:*:*:*
dell inspiron_7591_firmware < 1.1.1 cpe:2.3:o:dell:inspiron_7591_firmware:*:*:*:*:*:*:*:*
dell inspiron_7786_firmware < 1.5.0 cpe:2.3:o:dell:inspiron_7786_firmware:*:*:*:*:*:*:*:*
dell latitude_3300_firmware < 1.4.0 cpe:2.3:o:dell:latitude_3300_firmware:*:*:*:*:*:*:*:*
dell latitude_3460_firmware < a17 cpe:2.3:o:dell:latitude_3460_firmware:*:*:*:*:*:*:*:*
dell latitude_3480_firmware < 1.12.0 cpe:2.3:o:dell:latitude_3480_firmware:*:*:*:*:*:*:*:*
dell latitude_3490_firmware < 1.9.9 cpe:2.3:o:dell:latitude_3490_firmware:*:*:*:*:*:*:*:*
dell latitude_3580_firmware < 1.12.0 cpe:2.3:o:dell:latitude_3580_firmware:*:*:*:*:*:*:*:*
dell latitude_3590_firmware < 1.9.9 cpe:2.3:o:dell:latitude_3590_firmware:*:*:*:*:*:*:*:*
dell latitude_5175_firmware < 1.7.1 cpe:2.3:o:dell:latitude_5175_firmware:*:*:*:*:*:*:*:*
dell latitude_5179_firmware < 1.7.1 cpe:2.3:o:dell:latitude_5179_firmware:*:*:*:*:*:*:*:*
dell latitude_5280_firmware < 1.15.1 cpe:2.3:o:dell:latitude_5280_firmware:*:*:*:*:*:*:*:*
dell latitude_5288_firmware < 1.15.1 cpe:2.3:o:dell:latitude_5288_firmware:*:*:*:*:*:*:*:*
dell latitude_5289_firmware < 1.18.1 cpe:2.3:o:dell:latitude_5289_firmware:*:*:*:*:*:*:*:*
dell latitude_5290_firmware < 1.9.0 cpe:2.3:o:dell:latitude_5290_firmware:*:*:*:*:*:*:*:*
dell latitude_5300_firmware < 1.3.1 cpe:2.3:o:dell:latitude_5300_firmware:*:*:*:*:*:*:*:*
dell latitude_5400_firmware < 1.3.11 cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*
dell latitude_5401_firmware < 1.3.11 cpe:2.3:o:dell:latitude_5401_firmware:*:*:*:*:*:*:*:*
dell latitude_5414_firmware < 1.24.0 cpe:2.3:o:dell:latitude_5414_firmware:*:*:*:*:*:*:*:*
dell latitude_5420_rugged_firmware < 1.5.0 cpe:2.3:o:dell:latitude_5420_rugged_firmware:*:*:*:*:*:*:*:*
dell latitude_5424_rugged_firmware < 1.5.0 cpe:2.3:o:dell:latitude_5424_rugged_firmware:*:*:*:*:*:*:*:*
dell latitude_5480_firmware < 1.15.1 cpe:2.3:o:dell:latitude_5480_firmware:*:*:*:*:*:*:*:*
dell latitude_5488_firmware < 1.15.1 cpe:2.3:o:dell:latitude_5488_firmware:*:*:*:*:*:*:*:*
dell latitude_5490_firmware < 1.9.0 cpe:2.3:o:dell:latitude_5490_firmware:*:*:*:*:*:*:*:*
dell latitude_5491_firmware < 1.8.1 cpe:2.3:o:dell:latitude_5491_firmware:*:*:*:*:*:*:*:*
dell latitude_5500_firmware < 1.3.11 cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*
dell latitude_5501_firmware < 1.2.11 cpe:2.3:o:dell:latitude_5501_firmware:*:*:*:*:*:*:*:*
dell latitude_5580_firmware < 1.15.1 cpe:2.3:o:dell:latitude_5580_firmware:*:*:*:*:*:*:*:*
dell latitude_5590_firmware < 1.9.0 cpe:2.3:o:dell:latitude_5590_firmware:*:*:*:*:*:*:*:*
dell latitude_5591_firmware < 1.8.1 cpe:2.3:o:dell:latitude_5591_firmware:*:*:*:*:*:*:*:*
dell latitude_7202_firmware < a24 cpe:2.3:o:dell:latitude_7202_firmware:*:*:*:*:*:*:*:*
dell latitude_7212_firmware < 1.26.0 cpe:2.3:o:dell:latitude_7212_firmware:*:*:*:*:*:*:*:*
dell latitude_7214_firmware < 1.24.0 cpe:2.3:o:dell:latitude_7214_firmware:*:*:*:*:*:*:*:*
dell latitude_7275_firmware < 1.6.1 cpe:2.3:o:dell:latitude_7275_firmware:*:*:*:*:*:*:*:*
dell latitude_7280_firmware < 1.15.1 cpe:2.3:o:dell:latitude_7280_firmware:*:*:*:*:*:*:*:*
dell latitude_7285_firmware < 1.4.1 cpe:2.3:o:dell:latitude_7285_firmware:*:*:*:*:*:*:*:*
dell latitude_7290_firmware < 1.10.0 cpe:2.3:o:dell:latitude_7290_firmware:*:*:*:*:*:*:*:*
dell latitude_7300_firmware < 1.3.11 cpe:2.3:o:dell:latitude_7300_firmware:*:*:*:*:*:*:*:*
dell latitude_7370_firmware < 1.18.5 cpe:2.3:o:dell:latitude_7370_firmware:*:*:*:*:*:*:*:*
dell latitude_7380_firmware < 1.15.1 cpe:2.3:o:dell:latitude_7380_firmware:*:*:*:*:*:*:*:*

References for CVE-2020-5326

cvelogic Threat Intelligence