Lucene search

DellVULNRICHMENT:CVE-2024-32855

HistoryJun 25, 2024 - 4:06 a.m.

CVE-2024-32855

2024-06-2504:06:39

CWE-787

dell

github.com

dell client platform

bios

out-of-bounds write

vulnerability

information tampering

3.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.30.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.26.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.34.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.28.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.25.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.24.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.31.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.36.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.35.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.29.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.32.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.33.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.50.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.37.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.38.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.31.8",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000225627/dsa-2024-123

3.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-32855