Lucene search

[email protected]NVD:CVE-2024-42425

HistorySep 10, 2024 - 9:15 a.m.

CVE-2024-42425

2024-09-1009:15:03

CWE-119

CWE-788

[email protected]

web.nvd.nist.gov

cve-2024-42425

dell

precision rack

bios

vulnerability

memory location

exploit

information disclosure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

26.7%

JSON

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Affected configurations

Nvd

Node

dellprecision_7920_firmwareRange<2.22.1

AND

dellprecision_7920Match-

Node

dell7920_xl_firmwareRange<2.22.1

AND

dell7920_xlMatch-

VendorProductVersionCPE
dellprecision_7920_firmware*cpe:2.3:o:dell:precision_7920_firmware:*:*:*:*:*:*:*:*
dellprecision_7920-cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*
dell7920_xl_firmware*cpe:2.3:o:dell:7920_xl_firmware:*:*:*:*:*:*:*:*
dell7920_xl-cpe:2.3:h:dell:7920_xl:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	precision_7920_firmware	*	cpe:2.3:o:dell:precision_7920_firmware::::::::
dell	precision_7920	-	cpe:2.3:h:dell:precision_7920:-:::::::*
dell	7920_xl_firmware	*	cpe:2.3:o:dell:7920_xl_firmware::::::::
dell	7920_xl	-	cpe:2.3:h:dell:7920_xl:-:::::::*

References

www.dell.com/support/kbdoc/en-us/000227015/dsa-2024-328

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

26.7%

JSON

Related for NVD:CVE-2024-42425

vulnrichment1 cve1 cvelist1