Vulnerabilites related to dell - aurora_r16
cve-2024-32860
Vulnerability from cvelistv5
Published
2024-06-13 13:00
Modified
2024-08-02 02:20
Severity ?
EPSS score ?
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125 | vendor-advisory |
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "cpg_bios", vendor: "dell", versions: [ { lessThan: "1.0.24", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.1.25", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.19.0", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.12.0", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.13.0", status: "affected", version: "0", versionType: "semver", }, { lessThan: "2.18.0", status: "affected", version: "0", versionType: "semver", }, { lessThan: "2.7.0", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.16.0", status: "affected", version: "0", versionType: "semver", }, { lessThan: "2.6.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32860", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-20T13:49:01.558476Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-20T14:48:48.914Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:20:35.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPG BIOS", vendor: "Dell", versions: [ { lessThan: "1.0.24", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.1.25", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.19.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.12.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.13.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.18.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.7.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.16.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.6.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dell Technologies would like to thank Eason for reporting this issue.", }, ], datePublic: "2024-06-11T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, ], value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T13:00:19.384Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-32860", datePublished: "2024-06-13T13:00:19.384Z", dateReserved: "2024-04-19T09:34:13.527Z", dateUpdated: "2024-08-02T02:20:35.674Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32859
Vulnerability from cvelistv5
Published
2024-06-13 12:39
Modified
2024-08-02 02:20
Severity ?
EPSS score ?
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124 | vendor-advisory |
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r15_amd_firmware", vendor: "dell", versions: [ { lessThan: "1.13.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r16_firmware", vendor: "dell", versions: [ { lessThan: "2.7.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r10_firmware", vendor: "dell", versions: [ { lessThan: "2.8.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r11_firmware", vendor: "dell", versions: [ { lessThan: "1.0.24", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r12_firmware", vendor: "dell", versions: [ { lessThan: "1.1.25", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r13_firmware", vendor: "dell", versions: [ { lessThan: "1.19.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r14_ryzen_edition_firmware", vendor: "dell", versions: [ { lessThan: "2.18.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r15_firmware", vendor: "dell", versions: [ { lessThan: "1.12.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "inspiron_3502_firmware", vendor: "dell", versions: [ { lessThan: "1.16.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "xps_8950_firmware", vendor: "dell", versions: [ { lessThan: "1.19.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "xps_8960_firmware", vendor: "dell", versions: [ { lessThan: "2.6.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32859", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T13:39:08.008139Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T16:01:53.774Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:20:35.656Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPG BIOS", vendor: "Dell", versions: [ { lessThan: "2.8.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.0.24", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.1.25", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.19.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.12.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.13.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.18.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.7.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.16.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.6.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dell Technologies would like to thank Eason for reporting this issue", }, ], datePublic: "2024-06-11T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, ], value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T12:39:41.863Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-32859", datePublished: "2024-06-13T12:39:41.863Z", dateReserved: "2024-04-19T09:34:13.527Z", dateUpdated: "2024-08-02T02:20:35.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32856
Vulnerability from cvelistv5
Published
2024-06-13 11:51
Modified
2024-08-02 02:20
Severity ?
EPSS score ?
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
References
▼ | URL | Tags |
---|---|---|
https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-32856", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-17T13:07:26.971457Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-17T13:07:31.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:20:35.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPG BIOS", vendor: "Dell", versions: [ { lessThan: "2.8.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.0.24", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.1.25", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.19.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.12.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.13.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.18.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.7.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.16.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dell Technologies would like to thank Eason for reporting this issue.", }, ], datePublic: "2024-06-11T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.", }, ], value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T11:51:03.183Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-32856", datePublished: "2024-06-13T11:51:03.183Z", dateReserved: "2024-04-19T09:34:13.526Z", dateUpdated: "2024-08-02T02:20:35.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39584
Vulnerability from cvelistv5
Published
2024-08-28 05:46
Modified
2024-08-28 14:15
Severity ?
EPSS score ?
Summary
Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Dell | Dell Client Platform BIOS |
Version: N/A ≤ Version: N/A ≤ Version: N/A ≤ Version: N/A ≤ |
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:dell:alienware_m15_r3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:dell:alienware_m17_r3_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "alienware_m17_r3_firmware", vendor: "dell", versions: [ { lessThan: "1.29.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "alienware_aurora_r15_amd_firmware", vendor: "dell", versions: [ { lessThan: "1.15.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_x14_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "alienware_x14_firmware", vendor: "dell", versions: [ { lessThan: "1.21.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "alienware_x15_r1_firmware", vendor: "dell", versions: [ { lessThan: "1.24.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-39584", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T14:02:49.780082Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-28T14:15:01.978Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Dell Client Platform BIOS", vendor: "Dell", versions: [ { lessThan: "1.29.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.15.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.21.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.24.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "CVE-2024-39584: Dell Technologies would like to thank BINARLY REsearch team for reporting this issue.", }, ], datePublic: "2024-08-27T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.", }, ], value: "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1392", description: "CWE-1392: Use of Default Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-28T05:46:40.013Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-39584", datePublished: "2024-08-28T05:46:40.013Z", dateReserved: "2024-06-26T02:16:08.993Z", dateUpdated: "2024-08-28T14:15:01.978Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32858
Vulnerability from cvelistv5
Published
2024-06-13 12:48
Modified
2024-08-02 02:20
Severity ?
EPSS score ?
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124 | vendor-advisory |
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r10_firmware", vendor: "dell", versions: [ { lessThan: "2.8.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r11_firmware", vendor: "dell", versions: [ { lessThan: "1.0.24", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r12_firmware", vendor: "dell", versions: [ { lessThan: "1.1.25", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r13_firmware", vendor: "dell", versions: [ { lessThan: "1.19.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r14_ryzen_edition_firmware", vendor: "dell", versions: [ { lessThan: "2.18.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r15_firmware", vendor: "dell", versions: [ { lessThan: "1.12.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r15_amd_firmware", vendor: "dell", versions: [ { lessThan: "1.13.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "alienware_aurora_r16_firmware", vendor: "dell", versions: [ { lessThan: "2.7.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "inspiron_3502_firmware", vendor: "dell", versions: [ { lessThan: "1.16.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "xps_8950_firmware", vendor: "dell", versions: [ { lessThan: "1.19.0", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "xps_8960_firmware", vendor: "dell", versions: [ { lessThan: "2.6.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-32858", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T13:37:43.257078Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T16:09:43.292Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:20:35.666Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CPG BIOS", vendor: "Dell", versions: [ { lessThan: "2.8.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.0.24", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.1.25", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.19.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.12.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.13.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.18.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.7.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "1.16.0", status: "affected", version: "N/A", versionType: "semver", }, { lessThan: "2.6.0", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dell Technologies would like to thank Eason for reporting this issue", }, ], datePublic: "2024-06-11T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, ], value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-13T12:48:29.724Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2024-32858", datePublished: "2024-06-13T12:48:29.724Z", dateReserved: "2024-04-19T09:34:13.527Z", dateUpdated: "2024-08-02T02:20:35.666Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-06-13 13:15
Modified
2024-11-21 09:15
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D3E1671-D766-4BEE-A382-3F9950540382", versionEndExcluding: "1.26.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "D355D92F-71AB-4D6D-9D3D-85A0BF4133E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09B0F2CD-223E-4C11-896E-E0D2AED3D7CA", versionEndExcluding: "1.0.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r11:-:*:*:*:*:*:*:*", matchCriteriaId: "4C32F25E-2F1F-409D-85DF-15CCAB423DD5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D3892D1-FA31-4E08-8C4A-B233A7E6166E", versionEndExcluding: "1.1.25", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r12:-:*:*:*:*:*:*:*", matchCriteriaId: "6F0C34FD-6A6D-43BF-B548-13D57532AF8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2BA98A09-CEC8-4765-9F67-1B8E31A403BA", versionEndIncluding: "1.1.19", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:*", matchCriteriaId: "486DCCF7-79D9-45C1-8CBD-26FB78705F91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "502B41A3-DA11-4F02-ADBA-12BAEB90E9D9", versionEndExcluding: "1.1.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15:-:*:*:*:*:*:*:*", matchCriteriaId: "2943649A-0559-4184-AE43-B6FCEDF3BF98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34DF7BEA-2EF9-47A8-965D-C045C793F834", versionEndExcluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*", matchCriteriaId: "503027CC-7D9B-4F00-9728-48C12B18BD7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2FE0D4-FEFE-4E9D-BFCA-5EAC643E47A1", versionEndExcluding: "2.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*", matchCriteriaId: "66B64687-CF02-414E-B961-84A011DC49E6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC6538F-95F5-411B-9AEE-E330D33F765E", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "FCCE762E-FB6C-4493-A21F-347DE5CB57E0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7EE1A9B5-8534-4DAE-957E-FF670060C35A", versionEndIncluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "B084185F-1C0D-47D9-9F72-A79095462428", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "626441E2-E195-4E18-B5CF-093CE2706827", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "EF7B8EAD-E6FD-4CCE-9CE8-605A3BF3357A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3E92F1AF-4259-40FA-BD64-2B5E36DB815B", versionEndIncluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "C631E678-90F0-4DB2-8AB8-7378EC32FAC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "84A10F10-F9C8-4FF0-8F28-BCBDABE8C8EA", versionEndIncluding: "1.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x14:-:*:*:*:*:*:*:*", matchCriteriaId: "05928944-E647-4A4D-AEA1-B67804BC7DB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69E828F7-2199-470B-B3F3-251704F4BAA4", versionEndIncluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "B5BC0BF5-9D20-43DB-BF65-F2D2E8EC6970", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9A38198-F80D-4D7C-B660-8B5B44C95751", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "A254E353-E519-401F-8657-76C7625F9A0C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF468943-A697-46B0-A8DF-3D9F329E87D6", versionEndIncluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "8128EE9B-97C5-40A2-A7F6-8AE7E4D9D1E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07378EE2-F446-4E05-A6C3-42532865C664", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "4C0272BD-DAFD-47EC-9B70-F72B686032B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:aurora_r16_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F084A15D-0C77-4AC7-A2E8-CCE5B638C968", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:aurora_r16:-:*:*:*:*:*:*:*", matchCriteriaId: "D6A86161-7209-4DC6-9315-66C37C1807DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2CB354C9-725F-41D3-A514-C61D1E2C6DD9", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3510:-:*:*:*:*:*:*:*", matchCriteriaId: "F9B4D72F-BF7F-4AE3-825E-394DF12F0482", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_352_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AF372BE7-5B95-4DF7-A85A-22B92D3931BF", versionEndExcluding: "1.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_352:-:*:*:*:*:*:*:*", matchCriteriaId: "807B8FFB-4AB1-43B3-B2E6-BA53D1244437", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36119F09-7608-4DD7-A5BC-297D015F9FE8", versionEndExcluding: "1.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*", matchCriteriaId: "52628A84-FEE1-4194-A13F-4139A3A0AE9F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54398C42-AD80-4365-8F44-F3B6F44D33F5", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8950:-:*:*:*:*:*:*:*", matchCriteriaId: "5944D668-16F9-4098-A99E-811F02C65B2A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C42BB7D-2380-4FA9-8C5C-FE0F594B3A7F", versionEndExcluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8960:-:*:*:*:*:*:*:*", matchCriteriaId: "E75E14FE-EDC4-43F8-960C-F135EDFFBDCB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, { lang: "es", value: "Dell Client Platform BIOS contiene una vulnerabilidad de validación de entrada incorrecta en un componente desarrollado externamente. Un atacante con privilegios elevados y acceso local podría explotar esta vulnerabilidad y provocar la ejecución del código.", }, ], id: "CVE-2024-32860", lastModified: "2024-11-21T09:15:52.723", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-13T13:15:49.517", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-13 13:15
Modified
2024-11-21 09:15
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C42BB7D-2380-4FA9-8C5C-FE0F594B3A7F", versionEndExcluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8960:-:*:*:*:*:*:*:*", matchCriteriaId: "E75E14FE-EDC4-43F8-960C-F135EDFFBDCB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54398C42-AD80-4365-8F44-F3B6F44D33F5", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8950:-:*:*:*:*:*:*:*", matchCriteriaId: "5944D668-16F9-4098-A99E-811F02C65B2A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36119F09-7608-4DD7-A5BC-297D015F9FE8", versionEndExcluding: "1.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*", matchCriteriaId: "52628A84-FEE1-4194-A13F-4139A3A0AE9F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3521_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2DFD29BF-F445-4A9B-9D50-827FE7587218", versionEndExcluding: "1.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3521:-:*:*:*:*:*:*:*", matchCriteriaId: "70AC0D33-2C41-4EA7-969B-A5B3519330AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2CB354C9-725F-41D3-A514-C61D1E2C6DD9", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3510:-:*:*:*:*:*:*:*", matchCriteriaId: "F9B4D72F-BF7F-4AE3-825E-394DF12F0482", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:aurora_r16_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F084A15D-0C77-4AC7-A2E8-CCE5B638C968", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:aurora_r16:-:*:*:*:*:*:*:*", matchCriteriaId: "D6A86161-7209-4DC6-9315-66C37C1807DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07378EE2-F446-4E05-A6C3-42532865C664", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "4C0272BD-DAFD-47EC-9B70-F72B686032B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E83B0E30-CFFB-4AFE-AF42-1475F14186E7", versionEndExcluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "8128EE9B-97C5-40A2-A7F6-8AE7E4D9D1E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9A38198-F80D-4D7C-B660-8B5B44C95751", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "A254E353-E519-401F-8657-76C7625F9A0C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "002D9A38-2618-4896-B0BA-AC18CAF41253", versionEndExcluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "B5BC0BF5-9D20-43DB-BF65-F2D2E8EC6970", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F1AD900-16EC-4315-83A6-A2CB22E6E185", versionEndExcluding: "1.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x14:-:*:*:*:*:*:*:*", matchCriteriaId: "05928944-E647-4A4D-AEA1-B67804BC7DB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2380D6A-4E39-423D-9565-E8406AF99E86", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "C631E678-90F0-4DB2-8AB8-7378EC32FAC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "626441E2-E195-4E18-B5CF-093CE2706827", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "EF7B8EAD-E6FD-4CCE-9CE8-605A3BF3357A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "32A341BF-9651-47F1-8CE4-8AF991AD8CEF", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "B084185F-1C0D-47D9-9F72-A79095462428", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC6538F-95F5-411B-9AEE-E330D33F765E", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "FCCE762E-FB6C-4493-A21F-347DE5CB57E0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2FE0D4-FEFE-4E9D-BFCA-5EAC643E47A1", versionEndExcluding: "2.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*", matchCriteriaId: "66B64687-CF02-414E-B961-84A011DC49E6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34DF7BEA-2EF9-47A8-965D-C045C793F834", versionEndExcluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*", matchCriteriaId: "503027CC-7D9B-4F00-9728-48C12B18BD7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AB53C84B-F912-4BBF-B7B1-D2361E4B6E1A", versionEndExcluding: "1.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15:-:*:*:*:*:*:*:*", matchCriteriaId: "2943649A-0559-4184-AE43-B6FCEDF3BF98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF07E3CF-0029-429F-84CA-C50CEF591176", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:*", matchCriteriaId: "486DCCF7-79D9-45C1-8CBD-26FB78705F91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D3892D1-FA31-4E08-8C4A-B233A7E6166E", versionEndExcluding: "1.1.25", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r12:-:*:*:*:*:*:*:*", matchCriteriaId: "6F0C34FD-6A6D-43BF-B548-13D57532AF8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09B0F2CD-223E-4C11-896E-E0D2AED3D7CA", versionEndExcluding: "1.0.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r11:-:*:*:*:*:*:*:*", matchCriteriaId: "4C32F25E-2F1F-409D-85DF-15CCAB423DD5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1C7E4EF-A5CE-479F-8FBC-A79920726D51", versionEndExcluding: "2.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r10:-:*:*:*:*:*:*:*", matchCriteriaId: "D1B5E1A2-3F3B-42AF-93ED-01ABF2763BC6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D3E1671-D766-4BEE-A382-3F9950540382", versionEndExcluding: "1.26.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "D355D92F-71AB-4D6D-9D3D-85A0BF4133E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, { lang: "es", value: "Dell Client Platform BIOS contiene una vulnerabilidad de validación de entrada incorrecta en un componente desarrollado externamente. Un atacante con privilegios elevados y acceso local podría explotar esta vulnerabilidad y provocar la ejecución del código.", }, ], id: "CVE-2024-32859", lastModified: "2024-11-21T09:15:52.540", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-13T13:15:49.210", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-13 13:15
Modified
2024-11-21 09:15
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C42BB7D-2380-4FA9-8C5C-FE0F594B3A7F", versionEndExcluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8960:-:*:*:*:*:*:*:*", matchCriteriaId: "E75E14FE-EDC4-43F8-960C-F135EDFFBDCB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54398C42-AD80-4365-8F44-F3B6F44D33F5", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8950:-:*:*:*:*:*:*:*", matchCriteriaId: "5944D668-16F9-4098-A99E-811F02C65B2A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36119F09-7608-4DD7-A5BC-297D015F9FE8", versionEndExcluding: "1.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*", matchCriteriaId: "52628A84-FEE1-4194-A13F-4139A3A0AE9F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3521_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2DFD29BF-F445-4A9B-9D50-827FE7587218", versionEndExcluding: "1.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3521:-:*:*:*:*:*:*:*", matchCriteriaId: "70AC0D33-2C41-4EA7-969B-A5B3519330AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2CB354C9-725F-41D3-A514-C61D1E2C6DD9", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3510:-:*:*:*:*:*:*:*", matchCriteriaId: "F9B4D72F-BF7F-4AE3-825E-394DF12F0482", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:aurora_r16_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F084A15D-0C77-4AC7-A2E8-CCE5B638C968", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:aurora_r16:-:*:*:*:*:*:*:*", matchCriteriaId: "D6A86161-7209-4DC6-9315-66C37C1807DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07378EE2-F446-4E05-A6C3-42532865C664", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "4C0272BD-DAFD-47EC-9B70-F72B686032B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E83B0E30-CFFB-4AFE-AF42-1475F14186E7", versionEndExcluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "8128EE9B-97C5-40A2-A7F6-8AE7E4D9D1E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9A38198-F80D-4D7C-B660-8B5B44C95751", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "A254E353-E519-401F-8657-76C7625F9A0C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "002D9A38-2618-4896-B0BA-AC18CAF41253", versionEndExcluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "B5BC0BF5-9D20-43DB-BF65-F2D2E8EC6970", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F1AD900-16EC-4315-83A6-A2CB22E6E185", versionEndExcluding: "1.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x14:-:*:*:*:*:*:*:*", matchCriteriaId: "05928944-E647-4A4D-AEA1-B67804BC7DB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2380D6A-4E39-423D-9565-E8406AF99E86", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "C631E678-90F0-4DB2-8AB8-7378EC32FAC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "626441E2-E195-4E18-B5CF-093CE2706827", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "EF7B8EAD-E6FD-4CCE-9CE8-605A3BF3357A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "32A341BF-9651-47F1-8CE4-8AF991AD8CEF", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "B084185F-1C0D-47D9-9F72-A79095462428", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC6538F-95F5-411B-9AEE-E330D33F765E", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "FCCE762E-FB6C-4493-A21F-347DE5CB57E0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2FE0D4-FEFE-4E9D-BFCA-5EAC643E47A1", versionEndExcluding: "2.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*", matchCriteriaId: "66B64687-CF02-414E-B961-84A011DC49E6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34DF7BEA-2EF9-47A8-965D-C045C793F834", versionEndExcluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*", matchCriteriaId: "503027CC-7D9B-4F00-9728-48C12B18BD7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AB53C84B-F912-4BBF-B7B1-D2361E4B6E1A", versionEndExcluding: "1.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15:-:*:*:*:*:*:*:*", matchCriteriaId: "2943649A-0559-4184-AE43-B6FCEDF3BF98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF07E3CF-0029-429F-84CA-C50CEF591176", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:*", matchCriteriaId: "486DCCF7-79D9-45C1-8CBD-26FB78705F91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D3892D1-FA31-4E08-8C4A-B233A7E6166E", versionEndExcluding: "1.1.25", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r12:-:*:*:*:*:*:*:*", matchCriteriaId: "6F0C34FD-6A6D-43BF-B548-13D57532AF8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09B0F2CD-223E-4C11-896E-E0D2AED3D7CA", versionEndExcluding: "1.0.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r11:-:*:*:*:*:*:*:*", matchCriteriaId: "4C32F25E-2F1F-409D-85DF-15CCAB423DD5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1C7E4EF-A5CE-479F-8FBC-A79920726D51", versionEndExcluding: "2.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r10:-:*:*:*:*:*:*:*", matchCriteriaId: "D1B5E1A2-3F3B-42AF-93ED-01ABF2763BC6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D3E1671-D766-4BEE-A382-3F9950540382", versionEndExcluding: "1.26.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "D355D92F-71AB-4D6D-9D3D-85A0BF4133E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", }, { lang: "es", value: "Dell Client Platform BIOS contiene una vulnerabilidad de validación de entrada incorrecta en un componente desarrollado externamente. Un atacante con privilegios elevados y acceso local podría explotar esta vulnerabilidad y provocar la ejecución del código.", }, ], id: "CVE-2024-32858", lastModified: "2024-11-21T09:15:52.360", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-13T13:15:48.833", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-13 12:15
Modified
2024-11-21 09:15
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4C42BB7D-2380-4FA9-8C5C-FE0F594B3A7F", versionEndExcluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8960:-:*:*:*:*:*:*:*", matchCriteriaId: "E75E14FE-EDC4-43F8-960C-F135EDFFBDCB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "54398C42-AD80-4365-8F44-F3B6F44D33F5", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8950:-:*:*:*:*:*:*:*", matchCriteriaId: "5944D668-16F9-4098-A99E-811F02C65B2A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "36119F09-7608-4DD7-A5BC-297D015F9FE8", versionEndExcluding: "1.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*", matchCriteriaId: "52628A84-FEE1-4194-A13F-4139A3A0AE9F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3521_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2DFD29BF-F445-4A9B-9D50-827FE7587218", versionEndExcluding: "1.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3521:-:*:*:*:*:*:*:*", matchCriteriaId: "70AC0D33-2C41-4EA7-969B-A5B3519330AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2CB354C9-725F-41D3-A514-C61D1E2C6DD9", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3510:-:*:*:*:*:*:*:*", matchCriteriaId: "F9B4D72F-BF7F-4AE3-825E-394DF12F0482", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:aurora_r16_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F084A15D-0C77-4AC7-A2E8-CCE5B638C968", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:aurora_r16:-:*:*:*:*:*:*:*", matchCriteriaId: "D6A86161-7209-4DC6-9315-66C37C1807DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "07378EE2-F446-4E05-A6C3-42532865C664", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "4C0272BD-DAFD-47EC-9B70-F72B686032B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E83B0E30-CFFB-4AFE-AF42-1475F14186E7", versionEndExcluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "8128EE9B-97C5-40A2-A7F6-8AE7E4D9D1E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9A38198-F80D-4D7C-B660-8B5B44C95751", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "A254E353-E519-401F-8657-76C7625F9A0C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "002D9A38-2618-4896-B0BA-AC18CAF41253", versionEndExcluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "B5BC0BF5-9D20-43DB-BF65-F2D2E8EC6970", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F1AD900-16EC-4315-83A6-A2CB22E6E185", versionEndExcluding: "1.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x14:-:*:*:*:*:*:*:*", matchCriteriaId: "05928944-E647-4A4D-AEA1-B67804BC7DB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2380D6A-4E39-423D-9565-E8406AF99E86", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "C631E678-90F0-4DB2-8AB8-7378EC32FAC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "626441E2-E195-4E18-B5CF-093CE2706827", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "EF7B8EAD-E6FD-4CCE-9CE8-605A3BF3357A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "32A341BF-9651-47F1-8CE4-8AF991AD8CEF", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "B084185F-1C0D-47D9-9F72-A79095462428", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC6538F-95F5-411B-9AEE-E330D33F765E", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "FCCE762E-FB6C-4493-A21F-347DE5CB57E0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2C2FE0D4-FEFE-4E9D-BFCA-5EAC643E47A1", versionEndExcluding: "2.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*", matchCriteriaId: "66B64687-CF02-414E-B961-84A011DC49E6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34DF7BEA-2EF9-47A8-965D-C045C793F834", versionEndExcluding: "1.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*", matchCriteriaId: "503027CC-7D9B-4F00-9728-48C12B18BD7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AB53C84B-F912-4BBF-B7B1-D2361E4B6E1A", versionEndExcluding: "1.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15:-:*:*:*:*:*:*:*", matchCriteriaId: "2943649A-0559-4184-AE43-B6FCEDF3BF98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF07E3CF-0029-429F-84CA-C50CEF591176", versionEndExcluding: "1.19.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:*", matchCriteriaId: "486DCCF7-79D9-45C1-8CBD-26FB78705F91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D3892D1-FA31-4E08-8C4A-B233A7E6166E", versionEndExcluding: "1.1.25", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r12:-:*:*:*:*:*:*:*", matchCriteriaId: "6F0C34FD-6A6D-43BF-B548-13D57532AF8C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09B0F2CD-223E-4C11-896E-E0D2AED3D7CA", versionEndExcluding: "1.0.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r11:-:*:*:*:*:*:*:*", matchCriteriaId: "4C32F25E-2F1F-409D-85DF-15CCAB423DD5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1C7E4EF-A5CE-479F-8FBC-A79920726D51", versionEndExcluding: "2.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r10:-:*:*:*:*:*:*:*", matchCriteriaId: "D1B5E1A2-3F3B-42AF-93ED-01ABF2763BC6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6D3E1671-D766-4BEE-A382-3F9950540382", versionEndExcluding: "1.26.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "D355D92F-71AB-4D6D-9D3D-85A0BF4133E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.", }, { lang: "es", value: "Dell Client Platform BIOS contiene una vulnerabilidad de validación de entrada incorrecta en un componente desarrollado externamente. Un atacante con privilegios elevados y acceso local podría explotar esta vulnerabilidad y provocar la divulgación de información.", }, ], id: "CVE-2024-32856", lastModified: "2024-11-21T09:15:52.000", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 4.2, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-13T12:15:10.647", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-28 06:15
Modified
2024-12-20 14:38
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
References
▼ | URL | Tags | |
---|---|---|---|
security_alert@emc.com | https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79481B8B-33AB-4BBB-8959-A1EE16ABC3EE", versionEndExcluding: "2.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8960:-:*:*:*:*:*:*:*", matchCriteriaId: "E75E14FE-EDC4-43F8-960C-F135EDFFBDCB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "58CB653C-AD62-4804-B93A-D378241D07EB", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_8950:-:*:*:*:*:*:*:*", matchCriteriaId: "5944D668-16F9-4098-A99E-811F02C65B2A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "20D81C5D-B1AB-44C8-B3EC-5035124D5BF0", versionEndExcluding: "1.18.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*", matchCriteriaId: "52628A84-FEE1-4194-A13F-4139A3A0AE9F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3521_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D6743728-79B1-44FC-B50A-8EC2BAB0A177", versionEndExcluding: "1.16.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3521:-:*:*:*:*:*:*:*", matchCriteriaId: "70AC0D33-2C41-4EA7-969B-A5B3519330AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_15_3510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EAFD9070-F917-456F-8C63-0BAD08363A22", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_15_3510:-:*:*:*:*:*:*:*", matchCriteriaId: "F9B4D72F-BF7F-4AE3-825E-394DF12F0482", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:aurora_r16_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1397546E-8CB7-4E88-988B-4C73B18FB2A3", versionEndExcluding: "2.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:aurora_r16:-:*:*:*:*:*:*:*", matchCriteriaId: "D6A86161-7209-4DC6-9315-66C37C1807DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "95EA4B9E-1636-4E67-A3FA-8EF38C2E5ACE", versionEndExcluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "4C0272BD-DAFD-47EC-9B70-F72B686032B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1BC45F6C-9DC9-4E2F-9C3E-3E71E62937B2", versionEndExcluding: "1.24.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "8128EE9B-97C5-40A2-A7F6-8AE7E4D9D1E1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "601B48A2-B0C3-4D9F-9D83-A4818222A756", versionEndExcluding: "1.22.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "A254E353-E519-401F-8657-76C7625F9A0C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2F00DB-6932-4D0F-A6F8-36A9ABA8138A", versionEndExcluding: "1.24.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*", matchCriteriaId: "B5BC0BF5-9D20-43DB-BF65-F2D2E8EC6970", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_x14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B25E8327-AE8B-49CD-9167-B2967E40F17C", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_x14:-:*:*:*:*:*:*:*", matchCriteriaId: "05928944-E647-4A4D-AEA1-B67804BC7DB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB44CD60-EF6C-47A4-98CF-37D59157FD91", versionEndExcluding: "1.24.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "C631E678-90F0-4DB2-8AB8-7378EC32FAC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5FFFE6D4-B453-4D27-8A3F-9CE9A2B5B1AD", versionEndExcluding: "1.29.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "EF7B8EAD-E6FD-4CCE-9CE8-605A3BF3357A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D35312EA-BE2C-45E1-B86D-676F64AAF4F0", versionEndExcluding: "1.24.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*", matchCriteriaId: "B084185F-1C0D-47D9-9F72-A79095462428", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D224BFF9-3D06-4291-8EBE-7DEDAC24FA94", versionEndExcluding: "1.29.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*", matchCriteriaId: "FCCE762E-FB6C-4493-A21F-347DE5CB57E0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CE5B200-E6D3-41D1-9280-7FF6C8026B9E", versionEndExcluding: "2.19.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*", matchCriteriaId: "66B64687-CF02-414E-B961-84A011DC49E6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FAB4E70B-69EC-4275-8C46-A2B22C5B1156", versionEndExcluding: "1.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*", matchCriteriaId: "503027CC-7D9B-4F00-9728-48C12B18BD7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9F1B4BFA-3EDC-441D-8F28-FAA1B75A3E74", versionEndExcluding: "1.17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r15:-:*:*:*:*:*:*:*", matchCriteriaId: "2943649A-0559-4184-AE43-B6FCEDF3BF98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "16B7FB3C-5A40-454F-8E45-6099758C222F", versionEndExcluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:*", matchCriteriaId: "486DCCF7-79D9-45C1-8CBD-26FB78705F91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "64B4373D-14E6-4915-B42F-4515E4801AEA", versionEndExcluding: "1.29.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*", matchCriteriaId: "D355D92F-71AB-4D6D-9D3D-85A0BF4133E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.", }, { lang: "es", value: "Dell Client Platform BIOS contiene una vulnerabilidad de uso de clave criptográfica predeterminada. Un atacante con privilegios elevados y acceso local podría explotar esta vulnerabilidad, lo que provocaría una omisión del arranque seguro y la ejecución de código arbitrario.", }, ], id: "CVE-2024-39584", lastModified: "2024-12-20T14:38:16.543", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-28T06:15:05.607", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1392", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }