How severe is CVE-2020-5324?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2020-5324?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2020-5324 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Related Vulnerabilities

CVE-2023-51710

MEDIUM

CVSS:4.2(Medium)

EMS SQL Manager 3.6.2 (build 55333) for Oracle allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.

CWE-4272023

CVE-2018-12163

MEDIUM

CVSS:4.8(Medium)

A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.

CWE-4272018

CVE-2019-1794

MEDIUM

CVSS:5.1(Medium)

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled sea...

CWE-4272019

CVE-2017-5147

MEDIUM

CVSS:5.3(Medium)

An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicio...

CWE-4272017

CVE-2019-16001

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit ...

CWE-4272019

CVE-2019-5245

MEDIUM

CVSS:5.3(Medium)

HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DL...

CWE-4272019