Lucene search

DellCVELIST:CVE-2024-42424

HistorySep 10, 2024 - 8:05 a.m.

CVE-2024-42424

2024-09-1008:05:43

CWE-20

dell

www.cve.org

dell precision rack

14g

bios

information disclosure

vulnerability

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS

Percentile

9.6%

JSON

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Precision Rack BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "2.22.1",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000227014/dsa-2024-327

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-42424