FKIE_CVE-2024-28970

Vulnerability from fkie_nvd - Published: 2024-06-12 07:15 - Updated: 2024-11-21 09:07
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
References
security_alert@emc.comhttps://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168Vendor Advisory
Impacted products
Vendor Product Version
dell vostro_5502_firmware *
dell vostro_5502 -
dell vostro_5402_firmware *
dell vostro_5402 -
dell precision_3660_firmware *
dell precision_3660 -
dell inspiron_5509_firmware *
dell inspiron_5509 -
dell inspiron_5502_firmware *
dell inspiron_5502 -
dell inspiron_5409_firmware *
dell inspiron_5409 -
dell inspiron_5402_firmware *
dell inspiron_5402 -
dell inspiron_27_7720_all-in-one_firmware *
dell inspiron_27_7720_all-in-one -
dell inspiron_24_5420_all-in-one_firmware *
dell inspiron_24_5420_all-in-one -
dell inspiron_16_plus_7640_firmware *
dell inspiron_16_plus_7640 -
dell inspiron_16_7640_2-in-1_firmware *
dell inspiron_16_7640_2-in-1 -
dell inspiron_14_plus_7440_firmware *
dell inspiron_14_plus_7440 -
dell g7_7700_firmware *
dell g7_7700 -
dell g7_7500_firmware *
dell g7_7500 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:vostro_5502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9331090C-86A7-4AD4-8A6A-527D05F365A5",
              "versionEndExcluding": "1.30.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE0FA29A-7C7F-475D-AAF3-01EBE1458573",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:vostro_5402_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96BC45B0-2C8D-43A7-8EC5-2D7D92F30D2B",
              "versionEndExcluding": "1.30.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D61966-94CE-40C9-A16C-0F2356485EAC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:precision_3660_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "488898E7-F417-4FE1-A731-47B80714989E",
              "versionEndExcluding": "2.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "282554C6-893D-454C-A6FF-E2AC40A4086D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_5509_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9840128B-7FA3-4283-B94A-C6E75D61ADE9",
              "versionEndExcluding": "1.30.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34013CBF-0C0B-4A95-AA02-49A5C2DB7EE5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_5502_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2906BA1C-55BE-4ACA-992C-D71D19286369",
              "versionEndExcluding": "1.30.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDEFE664-624C-46BF-A206-63863918F185",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_5409_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B237BDA7-11C0-4859-80E0-59C08FE7F204",
              "versionEndExcluding": "1.30.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163D58E-1B2C-4A5F-B2AA-3B6B41D73849",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_5402_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F429A0-B73F-4843-AF41-8F308BBAF110",
              "versionEndExcluding": "1.30.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2093F8-84E0-41C5-A4F8-2D928E892DA8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F1DA20F-A455-4C0B-BA73-BEC14245292D",
              "versionEndExcluding": "1.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_27_7720_all-in-one:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D955805-D03F-4605-B478-6EC7804B339B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B0D46B4-E069-4508-8B2E-29C0B81C7763",
              "versionEndExcluding": "1.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_24_5420_all-in-one:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3EEE0D2-DFF2-49E0-BB06-F614CECC9B34",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_16_plus_7640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C53A39C4-B865-497B-B009-F888A4A12040",
              "versionEndExcluding": "1.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_16_plus_7640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DA7562A-CFEA-4291-853A-4511C3E91BE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_16_7640_2-in-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BC18F3-EF39-4FDA-943D-F64D6A68C3A7",
              "versionEndExcluding": "1.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_16_7640_2-in-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C6C99A-05EB-44C0-BA8E-77D123D79831",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_14_plus_7440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F553F5EC-AE61-4818-B0DE-A65A88F60D41",
              "versionEndExcluding": "1.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_14_plus_7440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1512C5-8797-4075-90FA-AE0DFB3AC63B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA565B6-C79B-4D67-920F-D51E779FC70A",
              "versionEndExcluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20046D13-2EE4-438C-8C98-089D018ADD44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8503E891-4E04-467D-B4FA-421C467C4F3C",
              "versionEndExcluding": "1.32.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7B6CD4-5129-46B5-8C72-6CE584F7FE9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service."
    },
    {
      "lang": "es",
      "value": "Dell Client BIOS contiene una vulnerabilidad de escritura fuera de los l\u00edmites. Un usuario malintencionado local autenticado con privilegios de administrador podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una denegaci\u00f3n de servicio de la plataforma."
    }
  ],
  "id": "CVE-2024-28970",
  "lastModified": "2024-11-21T09:07:17.760",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 4.2,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-12T07:15:51.347",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.