Description
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Published: 2026-06-09
Score: 5.7 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Dell BIOS contains a weakness in how passwords are encoded. An unauthenticated attacker who gains physical access to a device could exploit this flaw to elevate privileges, potentially taking full control of the machine. The vulnerability is characterized as insecure password storage or processing and can compromise BIOS integrity.

Affected Systems

Affected devices include the Dell Embedded PC 3000 and 5000 lines, Dell Edge Gateway 3000 and 5000, Dell Precision 3630 Tower, Dell Precision 3930 Rack, Dell Latitude 7220 Rugged Extreme, Dell Latitude Rugged 5420, Dell Latitude Rugged 5424, Dell Latitude Rugged 7220EX, and Dell Latitude Rugged 7424.

Risk and Exploitability

The CVSS score of 5.7 reflects a moderate risk, but the EPSS score is not available, leaving the exact likelihood of exploitation uncertain. Because the attack requires physical access and the vulnerability is not currently listed in the CISA KEV catalog, the threat is considered limited to environments where an attacker can physically reach the device. If physical security is compromised, the attacker could achieve full system compromise after escalating privileges.

Generated by OpenCVE AI on June 9, 2026 at 21:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest BIOS firmware update published by Dell for the affected devices
  • Restrict physical access to all Dell devices to authorized personnel only, and monitor that access
  • Enable BIOS password protection and use stronger authentication mechanisms to prevent unauthorized privilege escalation


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Title | | Weak Password Encoding in Dell BIOS Enables Privilege Escalation

Tue, 09 Jun 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Weaknesses | | CWE-261
References | |
Metrics | | cvssV3_1: {'score': 5.7, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-09T19:12:13.457Z

Reserved: 2026-04-14T16:10:47.675Z

Link: CVE-2026-40639

Vulnrichment

Updated: 2026-06-09T19:12:09.428Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T19:17:53.043

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-40639

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T21:15:05Z

Weaknesses