Lucene search

DellVULNRICHMENT:CVE-2024-38483

HistoryAug 14, 2024 - 9:24 a.m.

CVE-2024-38483

2024-08-1409:24:10

CWE-20

dell

github.com

dell bios

input validation

code execution

external component

CVSS3

5.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "Dell Client Platform BIOS",
    "versions": [
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.35.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "2.32.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.26.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "latitude_5290_2-in-1_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.35.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:dell:precision_3420_tower_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "precision_3420_tower_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.32.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:dell:precision_3620_tower_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "precision_3620_tower_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.32.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:dell:wyse_7040_thin_client_firmware:-:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "wyse_7040_thin_client_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.26.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.dell.com/support/kbdoc/en-us/000225776/dsa-2024-260

CVSS3

5.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-38483