FKIE_CVE-2024-47238
Vulnerability from fkie_nvd - Published: 2024-12-12 18:15 - Updated: 2025-02-04 15:52
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/en-us/000227595/dsa-2024-355 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6983E4A-CB0A-4ECA-98F6-087422CD7248",
"versionEndExcluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A103FC-917C-4C48-A7C5-1DFBD03D81F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:edge_gateway_3001_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "999C5867-3C72-4168-9253-3DDC5A0F7B16",
"versionEndExcluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:edge_gateway_3001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8909DDF-1E31-43BA-B1F4-D6AD6C63DB00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:edge_gateway_3002_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC17F4E-BED3-4115-AC3A-11CBA2AA339B",
"versionEndExcluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:edge_gateway_3002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8AEDC56-9329-4FC3-A660-4255A2CDA2DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:edge_gateway_3003_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A403B04-6CA6-44F7-BC8A-4450265CC0AC",
"versionEndExcluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:edge_gateway_3003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3165EDB1-D427-420E-B9B6-615A58387DD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C9D9627-D510-41A3-A217-921FE7166550",
"versionEndExcluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B42C9EA-86DD-4643-8F5D-FCE91AEF9253",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:edge_gateway_5100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCB21BB-84A9-4BD3-8E01-965B8DF9A344",
"versionEndExcluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:edge_gateway_5100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5D8F56-FBBB-4B2D-9720-5A806490F533",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D90C7E5D-3B90-45AE-809C-0926A74F50AC",
"versionEndExcluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4FB13B-F6D1-428E-A0D5-2483EBD1DD1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:edge_gateway_3200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC04DD0A-9CD2-4459-8C60-97573BC16A05",
"versionEndExcluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:edge_gateway_3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA59414-5A32-4706-85A5-D5459EE22BA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution."
},
{
"lang": "es",
"value": "Dell Client Platform BIOS contiene una vulnerabilidad de validaci\u00f3n de entrada incorrecta en un componente desarrollado externamente. Un atacante con privilegios elevados y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2024-47238",
"lastModified": "2025-02-04T15:52:06.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-12T18:15:25.250",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227595/dsa-2024-355"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…