Search

Find a vulnerability

Search criteria

    221 vulnerabilities found for CPG BIOS by Dell

    VAR-202101-1141

    Vulnerability from variot - Updated: 2024-11-23 23:01

    Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication. Dell BIOS Contains a vulnerability in the password management function.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell Client Commercial and Dell Consumer are a series of workstation equipment from Dell in the United States

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1141",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cpg bios",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dell",
            "version": "*"
          },
          {
            "model": "bios",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          },
          {
            "model": "bios",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5361"
          }
        ]
      },
      "cve": "CVE-2020-5361",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-5361",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-183486",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2020-5361",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "security_alert@emc.com",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 0.9,
                "id": "CVE-2020-5361",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Physical",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.6,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2020-5361",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-5361",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2020-5361",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-5361",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-103",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-183486",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-183486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5361"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5361"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication. Dell BIOS Contains a vulnerability in the password management function.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell Client Commercial and Dell Consumer are a series of workstation equipment from Dell in the United States",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-5361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "db": "VULHUB",
            "id": "VHN-183486"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-5361",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-103",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-183486",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-183486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5361"
          }
        ]
      },
      "id": "VAR-202101-1141",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-183486"
          }
        ],
        "trust": 0.54805196
      },
      "last_update_date": "2024-11-23T23:01:09.935000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-2020-119",
            "trust": 0.8,
            "url": "https://www.dell.com/support/kbdoc/ja-jp/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability"
          },
          {
            "title": "Dell Client Commercial and Consumer Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138357"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-103"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-640",
            "trust": 1.1
          },
          {
            "problemtype": "Weak password recovery mechanism when you forget your password (CWE-640) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-183486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5361"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5361"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-183486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5361"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-183486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-5361"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-183486"
          },
          {
            "date": "2021-09-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "date": "2021-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-103"
          },
          {
            "date": "2021-01-04T22:15:13.950000",
            "db": "NVD",
            "id": "CVE-2020-5361"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-183486"
          },
          {
            "date": "2021-09-30T08:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          },
          {
            "date": "2021-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-103"
          },
          {
            "date": "2024-11-21T05:33:58.990000",
            "db": "NVD",
            "id": "CVE-2020-5361"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell\u00a0BIOS\u00a0 Vulnerability in password management function",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-015521"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-103"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2024-0158 (GCVE-0-2024-0158)

    Vulnerability from nvd – Published: 2024-07-02 06:20 – Updated: 2024-08-01 17:41
    VLAI
    Summary
    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.23.0 (semver)
    Affected: N/A , < 1.15.0 (semver)
    Affected: N/A , < 1.2.1 (semver)
    Affected: N/A , < 1.12.1 (semver)
    Affected: N/A , < 1.2.0 (semver)
    Affected: N/A , < 1.20.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.26.0 (semver)
    Affected: N/A , < 1.27.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 1.29.0 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.25.0 (semver)
    Affected: N/A , < 1.31.0 (semver)
    Affected: N/A , < 2.27.0 (semver)
    Affected: N/A , < 2.35.0 (semver)
    Affected: N/A , < 2.39.0 (semver)
    Affected: N/A , < 1.17.0 (semver)
    Affected: N/A , < 1.24.0 (semver)
    Affected: N/A , < 2.26.0 (semver)
    Affected: N/A , < 1.13.1 (semver)
    Affected: N/A , < 2.25.0 (semver)
    Affected: N/A , < 1.3.1 (semver)
    Affected: N/A , < 1.18.0 (semver)
    Affected: N/A , < 1.21.0 (semver)
    Affected: N/A , < 1.22.0 (semver)
    Affected: N/A , < 1.9.0 (semver)
    Affected: N/A , < 1.3.0 (semver)
    Affected: N/A , < 1.30.0 (semver)
    Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.29..0 (semver)
    Affected: N/A , < 1.45.0 (semver)
    Affected: N/A , < 1.33.0 (semver)
    Affected: N/A , < 1.11.0 (semver)
    Affected: N/A , < 1.35.0 (semver)
    Affected: N/A , < 1.34.0 (semver)
    Affected: N/A , < 1.36.0 (semver)
    Affected: N/A , < 1.36.2 (semver)
    Affected: N/A , < 1.25.1 (semver)
    Affected: N/A , < 1.21.1 (semver)
    Affected: N/A , < 1.4.1 (semver)
    Affected: N/A , < 1.49.0 (semver)
    Affected: N/A , < 1.37.0 (semver)
    Affected: N/A , < 1.34.2 (semver)
    Affected: N/A , < 1.30.1 (semver)
    Affected: N/A , < 1.16.1 (semver)
    Affected: N/A , < 2.24.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 1.1.38 (semver)
    Affected: N/A , < 3.3.2 (semver)
    Affected: N/A , < 2.29.0 (semver)
    Affected: N/A , < 2.12.0 (semver)
    Affected: N/A , < 2.30.0 (semver)
    Affected: N/A , < 1.30.8 (semver)
    Affected: N/A , < 1.10.0 (semver)
    Affected: N/A , < 1.26.1 (semver)
    Affected: N/A , < 1.1.17 (semver)
    Affected: N/A , < 1.20.1 (semver)
    Affected: N/A , < 1.7.0 (semver)
    Affected: N/A , < 01.03.00 (semver)
    Affected: N/A , < 1.1.16 (semver)
    Affected: N/A , < 3.21.0 (semver)
    Affected: N/A , < 2.23.0 (semver)
    Affected: N/A , < 1.19.1 (semver)
    Affected: N/A , < 2.10.0 (semver)
    Affected: N/A , < 2.18.1 (semver)
    Affected: N/A , < 1.14.0 (semver)
    Create a notification for this product.
    Date Public
    2024-03-12 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T14:21:02.955425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T14:21:13.009Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.039Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.23.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.27.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.35.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.39.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.17.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.26.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.25.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.21.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.29..0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.45.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.33.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.11.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.35.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.34.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.36.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.36.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.21.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.4.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.49.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.37.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.34.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.30.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.24.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.38",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.3.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.30.8",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.10.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.17",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "01.03.00",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.16",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.21.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.23.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-03-12T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
                }
              ],
              "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T06:20:44.735Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-0158",
        "datePublished": "2024-07-02T06:20:44.735Z",
        "dateReserved": "2023-12-14T05:30:35.591Z",
        "dateUpdated": "2024-08-01T17:41:16.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32855 (GCVE-0-2024-32855)

    Vulnerability from nvd – Published: 2024-06-25 04:06 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.30.0 (semver)
    Affected: N/A , < 1.26.0 (semver)
    Affected: N/A , < 1.34.0 (semver)
    Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.25.0 (semver)
    Affected: N/A , < 1.24.0 (semver)
    Affected: N/A , < 1.31.0 (semver)
    Affected: N/A , < 1.36.0 (semver)
    Affected: N/A , < 1.35.0 (semver)
    Affected: N/A , < 1.29.0 (semver)
    Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.33.0 (semver)
    Affected: N/A , < 1.50.0 (semver)
    Affected: N/A , < 1.37.0 (semver)
    Affected: N/A , < 1.38.0 (semver)
    Affected: N/A , < 1.31.8 (semver)
    Create a notification for this product.
    Date Public
    2024-06-24 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32855",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-25T13:13:59.349457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-25T13:14:05.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000225627/dsa-2024-123"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.34.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.36.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.35.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.33.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.50.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.37.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.38.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.8",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-06-24T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-25T04:06:39.172Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000225627/dsa-2024-123"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32855",
        "datePublished": "2024-06-25T04:06:39.172Z",
        "dateReserved": "2024-04-19T09:34:13.526Z",
        "dateUpdated": "2024-08-02T02:20:35.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32860 (GCVE-0-2024-32860)

    Vulnerability from nvd – Published: 2024-06-13 13:00 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.0.24 (semver)
    Affected: N/A , < 1.1.25 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 2.7.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 2.6.0 (semver)
    Create a notification for this product.
    dell cpg_bios Affected: 0 , < 1.0.24 (semver)
    Affected: 0 , < 1.1.25 (semver)
    Affected: 0 , < 1.19.0 (semver)
    Affected: 0 , < 1.12.0 (semver)
    Affected: 0 , < 1.13.0 (semver)
    Affected: 0 , < 2.18.0 (semver)
    Affected: 0 , < 2.7.0 (semver)
    Affected: 0 , < 1.16.0 (semver)
    Affected: 0 , < 2.6.0 (semver)
        cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cpg_bios",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.0.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.1.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "2.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "2.7.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.16.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "2.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-20T13:49:01.558476Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-20T14:48:48.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.0.24",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.25",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T13:00:19.384Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32860",
        "datePublished": "2024-06-13T13:00:19.384Z",
        "dateReserved": "2024-04-19T09:34:13.527Z",
        "dateUpdated": "2024-08-02T02:20:35.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32859 (GCVE-0-2024-32859)

    Vulnerability from nvd – Published: 2024-06-13 12:39 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.8.0 (semver)
    Affected: N/A , < 1.0.24 (semver)
    Affected: N/A , < 1.1.25 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 2.7.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 2.6.0 (semver)
    Create a notification for this product.
    dell alienware_aurora_r15_amd_firmware Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r16_firmware Affected: 0 , < 2.7.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r10_firmware Affected: 0 , < 2.8.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r11_firmware Affected: 0 , < 1.0.24 (semver)
        cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r12_firmware Affected: 0 , < 1.1.25 (semver)
        cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r13_firmware Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r14_ryzen_edition_firmware Affected: 0 , < 2.18.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r15_firmware Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_3502_firmware Affected: 0 , < 1.16.0 (semver)
        cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_8950_firmware Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_8960_firmware Affected: 0 , < 2.6.0 (semver)
        cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r15_amd_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r16_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.7.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r10_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.8.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r11_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.0.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r12_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.1.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r13_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r14_ryzen_edition_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r15_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_3502_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.16.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_8950_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_8960_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T13:39:08.008139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-13T16:01:53.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.0.24",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.25",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue"
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T12:39:41.863Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32859",
        "datePublished": "2024-06-13T12:39:41.863Z",
        "dateReserved": "2024-04-19T09:34:13.527Z",
        "dateUpdated": "2024-08-02T02:20:35.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32858 (GCVE-0-2024-32858)

    Vulnerability from nvd – Published: 2024-06-13 12:48 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.8.0 (semver)
    Affected: N/A , < 1.0.24 (semver)
    Affected: N/A , < 1.1.25 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 2.7.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 2.6.0 (semver)
    Create a notification for this product.
    dell alienware_aurora_r10_firmware Affected: 0 , < 2.8.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r11_firmware Affected: 0 , < 1.0.24 (semver)
        cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r12_firmware Affected: 0 , < 1.1.25 (semver)
        cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r13_firmware Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r14_ryzen_edition_firmware Affected: 0 , < 2.18.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r15_firmware Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r15_amd_firmware Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r16_firmware Affected: 0 , < 2.7.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_3502_firmware Affected: 0 , < 1.16.0 (semver)
        cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_8950_firmware Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_8960_firmware Affected: 0 , < 2.6.0 (semver)
        cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r10_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.8.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r11_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.0.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r12_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.1.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r13_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r14_ryzen_edition_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r15_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r15_amd_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r16_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.7.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_3502_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.16.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_8950_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_8960_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32858",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T13:37:43.257078Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-13T16:09:43.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.666Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.0.24",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.25",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue"
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T12:48:29.724Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32858",
        "datePublished": "2024-06-13T12:48:29.724Z",
        "dateReserved": "2024-04-19T09:34:13.527Z",
        "dateUpdated": "2024-08-02T02:20:35.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32856 (GCVE-0-2024-32856)

    Vulnerability from nvd – Published: 2024-06-13 11:51 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.8.0 (semver)
    Affected: N/A , < 1.0.24 (semver)
    Affected: N/A , < 1.1.25 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 2.7.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T13:07:26.971457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-17T13:07:31.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.0.24",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.25",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T11:51:03.183Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32856",
        "datePublished": "2024-06-13T11:51:03.183Z",
        "dateReserved": "2024-04-19T09:34:13.526Z",
        "dateUpdated": "2024-08-02T02:20:35.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28970 (GCVE-0-2024-28970)

    Vulnerability from nvd – Published: 2024-06-12 06:51 – Updated: 2024-08-02 01:03
    VLAI
    Summary
    Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.6.0 (semver)
    Affected: N/A , < 1.4.0 (semver)
    Affected: N/A , < 1.11.0 (semver)
    Affected: N/A , < 1.30.0 (semver)
    Affected: N/A , < 2.14.0 (semver)
    Create a notification for this product.
    Credits
    Dell would like to thank Maxim Suhanov for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28970",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T13:11:36.237352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T13:11:44.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:03:51.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.4.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.11.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell would like to thank Maxim Suhanov for reporting this issue"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service."
                }
              ],
              "value": "Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-12T06:51:49.004Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-28970",
        "datePublished": "2024-06-12T06:51:49.004Z",
        "dateReserved": "2024-03-13T15:42:12.961Z",
        "dateUpdated": "2024-08-02T01:03:51.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0160 (GCVE-0-2024-0160)

    Vulnerability from nvd – Published: 2024-06-12 06:41 – Updated: 2024-08-01 17:41
    VLAI
    Summary
    Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.32.0 (semver)
    Create a notification for this product.
    dell cpg_bios Affected: 0 , < 1.32.0 (custom)
        cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell would like to thank Ben McEwan, Penetration Tester at Bridewell (www.bridewell.com) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cpg_bios",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T13:17:14.905056Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T13:19:06.076Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell would like to thank Ben McEwan, Penetration Tester at Bridewell (www.bridewell.com) for reporting this issue."
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS."
                }
              ],
              "value": "Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-12T06:41:33.041Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-0160",
        "datePublished": "2024-06-12T06:41:33.041Z",
        "dateReserved": "2023-12-14T05:30:38.641Z",
        "dateUpdated": "2024-08-01T17:41:16.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32475 (GCVE-0-2023-32475)

    Vulnerability from nvd – Published: 2024-06-07 02:13 – Updated: 2024-08-02 15:18
    VLAI
    Summary
    Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-353 - Missing Support for Integrity Check
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.6.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Unaffected: N/A , < 2.16.0 (semver)
    Affected: N/A , < 1.15.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 1.9.0 (semver)
    Affected: N/A , < 1.5.0 (semver)
    Affected: N/A , < 1.18.0 (semver)
    Affected: N/A , < 1.8.0 (semver)
    Affected: N/A , < 1.15.1 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.17.0 (semver)
    Affected: N/A , < 1.14.0 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Create a notification for this product.
    dell cpg_bios Affected: 0 , ≤ 2.6 (custom)
        cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-12-12 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "cpg_bios",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThanOrEqual": "2.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32475",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T16:59:56.060370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T17:00:46.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.16.0",
                  "status": "unaffected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.5.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.8.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.17.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
                }
              ],
              "value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-353",
                  "description": "CWE-353: Missing Support for Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-07T02:13:17.515Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-32475",
        "datePublished": "2024-06-07T02:13:17.515Z",
        "dateReserved": "2023-05-09T06:07:41.365Z",
        "dateUpdated": "2024-08-02T15:18:37.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22429 (GCVE-0-2024-22429)

    Vulnerability from nvd – Published: 2024-05-17 15:20 – Updated: 2024-08-01 22:43
    VLAI
    Summary
    Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.36.0 (semver)
    Affected: N/A , < 1.18.0 (semver)
    Affected: N/A , < 1.46.0 (semver)
    Affected: N/A , < 1.27.0 (semver)
    Affected: N/A , < 1.29.0 (semver)
    Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.31.0 (semver)
    Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.50.0 (semver)
    Affected: N/A , < 2.30.0 (semver)
    Create a notification for this product.
    dell edge_gateway_3000_firmware Affected: 0 , < 1.18.0 (semver)
        cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_13_3380 Affected: 0 , < 1.27.0 (semver)
        cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_3180_firmware Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_3189_firmware Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_3390_2-in-1 Affected: 0 , < 1.31.0 (semver)
        cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5414_firmware Affected: 0 , < 1.46.0 (semver)
        cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5424_firmware Affected: 0 , < 1.32.0 (semver)
        cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7414_rugged_extreme_firmware Affected: 0 , < 1.46.0 (semver)
        cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3420_tower Affected: 0 , < 2.30.0 (semver)
        cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3620_tower Affected: 0 , < 2.30.0 (semver)
        cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5280_firmware Affected: 0 , < 2.36.0 (semver)
        cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_12_rugged_extreme_7214_firmware Affected: 0 , < 1.46.0 (semver)
        cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_3300_firmware Affected: 0 , < 1.28.0 (semver)
        cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7212_rugged_extreme_tablet_firmware Affected: 0 , < 1.50.0 (semver)
        cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell wyse_5070 Affected: 0 , < 1.31.0 (semver)
        cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-14 06:30
    Credits
    Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edge_gateway_3000_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_13_3380",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.27.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_3180_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_3189_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_3390_2-in-1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.31.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_5414_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.46.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_5424_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_7414_rugged_extreme_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.46.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "precision_3420_tower",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.30.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "precision_3620_tower",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.30.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_5280_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.36.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_12_rugged_extreme_7214_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.46.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_3300_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.28.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_7212_rugged_extreme_tablet_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.50.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wyse_5070",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.31.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22429",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T13:54:51.026876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T14:03:23.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:35.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.36.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.46.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.50.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue."
            }
          ],
          "datePublic": "2024-05-14T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
                }
              ],
              "value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T15:20:16.147Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-22429",
        "datePublished": "2024-05-17T15:20:16.147Z",
        "dateReserved": "2024-01-10T15:23:01.337Z",
        "dateUpdated": "2024-08-01T22:43:35.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22448 (GCVE-0-2024-22448)

    Vulnerability from nvd – Published: 2024-04-10 07:30 – Updated: 2024-08-01 22:43
    VLAI
    Summary
    Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.29.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.14.0 (semver)
    Affected: N/A , < 1.31.0 (semver)
    Affected: N/A , < 1.31.1 (semver)
    Affected: N/A , < 1.31.2 (semver)
    Affected: N/A , < 1.31.3 (semver)
    Affected: N/A , < 1.31.4 (semver)
    Affected: N/A , < 1.31.5 (semver)
    Affected: N/A , < 1.31.6 (semver)
    Affected: N/A , < 1.31.7 (semver)
    Affected: N/A , < 1.31.8 (semver)
    Affected: N/A , < 1.31.9 (semver)
    Affected: N/A , < 1.31.10 (semver)
    Affected: N/A , < 1.31.11 (semver)
    Affected: N/A , < 1.31.12 (semver)
    Affected: N/A , < 1.31.13 (semver)
    Affected: N/A , < 1.31.14 (semver)
    Affected: N/A , < 1.31.15 (semver)
    Affected: N/A , < 1.31.16 (semver)
    Create a notification for this product.
    dell alienware_16_r1 Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:a:dell:alienware_16_r1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_15_r6 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:a:dell:alienware_15_r6:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_18_r1 Affected: 0 , < 1.16.0 (semver)
        cpe:2.3:a:dell:alienware_18_r1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_14_r2 Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:a:dell:alienware_14_r2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g15_5511 Affected: 0 , < 1.28.0 (semver)
        cpe:2.3:h:dell:g15_5511:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g15_5530 Affected: 0 , < 1.14.0 (semver)
        cpe:2.3:h:dell:g15_5530:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g16_7620 Affected: 0 , < 1.14.0 (semver)
        cpe:2.3:h:dell:g16_7620:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g3_3500 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g5_5500 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g7_7500 Affected: 0 , < 1.31.0 (semver)
        cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g7_7700 Affected: 0 , < 1.31.0 (semver)
        cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_13_5330 Affected: 0 , < 1.14.0 (semver)
        cpe:2.3:h:dell:inspiron_13_5330:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_15_3530 Affected: 0 , < 1.10.0 (semver)
        cpe:2.3:a:dell:inspiron_15_3530:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_3030s Affected: 0 , < 1.3.0 (semver)
        cpe:2.3:a:dell:inspiron_3030s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5301 Affected: 0 , < 1.32.0 (semver)
        cpe:2.3:h:dell:inspiron_5301:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5400 Affected: 0 , < 1.27.0 (semver)
        cpe:2.3:h:dell:inspiron_5400:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5401 Affected: 0 , < 1.27.0 (semver)
        cpe:2.3:h:dell:inspiron_5401:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5402 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5409 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5502 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5509 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_7300 Affected: - , < 1.32.0 (semver)
        cpe:2.3:h:dell:inspiron_7300:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_7400 Affected: 0 , < 1.32.0 (semver)
        cpe:2.3:h:dell:inspiron_7400:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_7700_aio Affected: 0 , < 1.27.0 (semver)
        cpe:2.3:h:dell:inspiron_7700_aio:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5310 Affected: 0 , < 1.23.0 (semver)
        cpe:2.3:h:dell:latitude_5310:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5310_2_in_1 Affected: 0 , < 1.23.0 (semver)
        cpe:2.3:h:dell:latitude_5310_2_in_1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5330 Affected: 0 , < 1.321.0 (semver)
        cpe:2.3:h:dell:latitude_5330:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5340 Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:a:dell:latitude_5340:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5531 Affected: - , < 1.22.0 (semver)
        cpe:2.3:h:dell:latitude_5531:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5540 Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:a:dell:latitude_5540:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7320 Affected: - , < 1.34.0 (semver)
        cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7340 Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:a:dell:latitude_7340:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7420 Affected: - , < 1.34.0 (semver)
        cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7520 Affected: 0 , < 1.34.0 (semver)
        cpe:2.3:h:dell:latitude_7520:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_9330 Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:h:dell:latitude_9330:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_9420 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:latitude_9420:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_9430 Affected: - , < 1.22.0 (semver)
        cpe:2.3:h:dell:latitude_9430:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_9440_2in1 Affected: 0 , < 1.10.0 (semver)
        cpe:2.3:a:dell:latitude_9440_2in1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell optiplex_micro_7010 Affected: 0 , < 1.13.1 (semver)
        cpe:2.3:h:dell:optiplex_micro_7010:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell optiplex_small_form_factor_7010 Affected: 0 , < 1.13.1 (semver)
        cpe:2.3:h:dell:optiplex_small_form_factor_7010:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell optiplex_tower_7010 Affected: 0 , < 1.13.1 (semver)
        cpe:2.3:h:dell:optiplex_tower_7010:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3440 Affected: 0 , < 1.25.0 (semver)
        cpe:2.3:h:dell:precision_3440:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3571 Affected: 0 , < 1.22.0 (semver)
        cpe:2.3:h:dell:precision_3571:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3580 Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:a:dell:precision_3580:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3581 Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:h:dell:precision_3581:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3660 Affected: - , < 2.13.0 (semver)
        cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_5570 Affected: 0 , < 1.22.0 (semver)
        cpe:2.3:h:dell:precision_5570:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_5750 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_5770 Affected: 0 , < 1.24.0 (semver)
        cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_14_3430 Affected: 0 , < 1.10.0 (semver)
        cpe:2.3:h:dell:vostro_14_3430:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_15_3530 Affected: 0 , < 1.10.0 (semver)
        cpe:2.3:h:dell:vostro_15_3530:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_3030s Affected: 0 , < 1.3.0 (semver)
        cpe:2.3:h:dell:vostro_3030s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_5301 Affected: 0 , < 1.32.0 (semver)
        cpe:2.3:h:dell:vostro_5301:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_5402 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_5502 Affected: - , < 1.29.0 (semver)
        cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_5880 Affected: 0 , < 1.25.0 (semver)
        cpe:2.3:h:dell:vostro_5880:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_17_9700 Affected: 0 , < 1.24.0 (semver)
        cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_17_9730 Affected: 0 , < 1.11.0 (semver)
        cpe:2.3:h:dell:xps_17_9730:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_9315_2in1 Affected: 0 , < 1.15.0 (semver)
        cpe:2.3:h:dell:xps_9315_2in1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-09 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dell:alienware_16_r1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_16_r1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:alienware_15_r6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_15_r6",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:alienware_18_r1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_18_r1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.16.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:alienware_14_r2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_14_r2",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g15_5511:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g15_5511",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.28.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g15_5530:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g15_5530",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g16_7620:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g16_7620",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g3_3500",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g5_5500",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g7_7500",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.31.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g7_7700",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.31.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_13_5330:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_13_5330",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:inspiron_15_3530:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_15_3530",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.10.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:inspiron_3030s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_3030s",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5301:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5301",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5400:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5400",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.27.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5401:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5401",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.27.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5402",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5409",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5502",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5509",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_7300:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_7300",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_7400:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_7400",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_7700_aio:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_7700_aio",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.27.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_5310:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5310",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.23.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_5310_2_in_1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5310_2_in_1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.23.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_5330:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5330",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.321.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_5340:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5340",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_5531:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5531",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.22.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_5540:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5540",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_7320",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.34.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_7340:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_7340",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_7420",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.34.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_7520:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_7520",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.34.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_9330:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_9330",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_9420:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_9420",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_9430:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_9430",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.22.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_9440_2in1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_9440_2in1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.10.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:optiplex_micro_7010:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "optiplex_micro_7010",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:optiplex_small_form_factor_7010:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "optiplex_small_form_factor_7010",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:optiplex_tower_7010:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "optiplex_tower_7010",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3440:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3440",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.25.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3571:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3571",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.22.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:precision_3580:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3580",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3581:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3581",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3660",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.13.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_5570:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_5570",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.22.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_5750",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_5770",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.24.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_14_3430:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_14_3430",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.10.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_15_3530:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_15_3530",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.10.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_3030s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_3030s",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_5301:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_5301",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_5402",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_5502",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_5880:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_5880",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.25.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_17_9700",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.24.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:xps_17_9730:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_17_9730",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.11.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:xps_9315_2in1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_9315_2in1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-22T16:57:10.462584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:52:58.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.3",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.4",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.5",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.6",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.7",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.8",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.9",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.10",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.11",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.12",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.13",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.14",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.15",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.16",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2024-04-09T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service."
                }
              ],
              "value": "Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-10T07:30:08.507Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-22448",
        "datePublished": "2024-04-10T07:30:08.507Z",
        "dateReserved": "2024-01-10T15:26:10.250Z",
        "dateUpdated": "2024-08-01T22:43:34.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48674 (GCVE-0-2023-48674)

    Vulnerability from nvd – Published: 2024-03-01 12:35 – Updated: 2024-08-02 21:37
    VLAI
    Summary
    Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.27.1 (semver)
    Affected: N/A , < 1.24.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.26.0 (semver)
    Affected: N/A , < 1.27.0 (semver)
    Affected: N/A , < 1.11.0 (semver)
    Affected: N/A , < 1.20.0 (semver)
    Affected: N/A , < 1.9.0 (semver)
    Affected: N/A , < 3.20.0 (semver)
    Affected: N/A , < 1.17.0 (semver)
    Create a notification for this product.
    Date Public
    2024-02-13 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48674",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T19:14:09.277249Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:37.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:37:54.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.11.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.20.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.17.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
                }
              ],
              "value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170: Improper Null Termination",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-01T12:49:58.995Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-48674",
        "datePublished": "2024-03-01T12:35:56.866Z",
        "dateReserved": "2023-11-17T06:17:23.509Z",
        "dateUpdated": "2024-08-02T21:37:54.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28063 (GCVE-0-2023-28063)

    Vulnerability from nvd – Published: 2024-02-06 07:38 – Updated: 2024-08-02 12:30
    VLAI
    Summary
    Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-195 - Signed to Unsigned Conversion Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: 1.24.0
    Affected: 1.17.0
    Affected: 1.13.0
    Affected: 1.5.1
    Affected: 1.21.0
    Affected: 1.20.0
    Affected: 1.23.0
    Affected: 1.26.0
    Affected: 1.25.0
    Affected: 1.15.0
    Affected: 1.12.0
    Affected: 2.20.0
    Affected: 1.14.0
    Affected: 1.27.0
    Affected: 1.19.0
    Affected: 1.22.1
    Affected: 2.21.0
    Affected: 1.18.0
    Affected: 1.7.0
    Affected: 1.28.0
    Affected: 1.22.0
    Affected: 1.29.0
    Affected: 1.30.0
    Affected: 1.11.0
    Affected: 1.13.1
    Affected: 1.26.1
    Affected: 1.13.2
    Affected: 1.14.1
    Affected: 1.33.0
    Affected: 1.31.0
    Affected: 1.12.1
    Affected: 1.18.1
    Affected: 1.10.0
    Affected: 2.14.0
    Affected: 1.1.28
    Affected: 1.4.1
    Affected: 2.5.1
    Affected: 2.4.0
    Affected: 2.6.1
    Affected: 1.26.8
    Affected: 1.24.1
    Affected: 1.17.1
    Affected: 1.29.1
    Affected: 1.1.0
    Affected: 1.16.0
    Affected: 3.17.0
    Affected: 2.19.0
    Affected: 1.8.1
    Create a notification for this product.
    Date Public
    2023-06-13 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28063",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-06T17:07:13.502616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:21:34.998Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:23.947Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000214780/dsa-2023-176-dell-client-bios-security-update-for-a-signed-to-unsigned-conversion-error-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "2.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "2.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.28.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.29.0"
                },
                {
                  "status": "affected",
                  "version": "1.30.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.33.0"
                },
                {
                  "status": "affected",
                  "version": "1.31.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "2.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.4.1"
                },
                {
                  "status": "affected",
                  "version": "2.5.1"
                },
                {
                  "status": "affected",
                  "version": "2.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "1.26.8"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.29.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "3.17.0"
                },
                {
                  "status": "affected",
                  "version": "2.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-195",
                  "description": "CWE-195: Signed to Unsigned Conversion Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T07:38:54.321Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000214780/dsa-2023-176-dell-client-bios-security-update-for-a-signed-to-unsigned-conversion-error-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-28063",
        "datePublished": "2024-02-06T07:38:54.321Z",
        "dateReserved": "2023-03-10T05:06:06.441Z",
        "dateUpdated": "2024-08-02T12:30:23.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43088 (GCVE-0-2023-43088)

    Vulnerability from nvd – Published: 2023-12-22 18:00 – Updated: 2024-08-02 19:37
    VLAI
    Summary
    Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: Versions prior to 1.5.0
    Create a notification for this product.
    Date Public
    2023-12-19 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.719Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000218223/dsa-2023-377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Precision 7865 Tower"
              ],
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 1.5.0"
                }
              ]
            }
          ],
          "datePublic": "2023-12-19T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16: Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T18:00:38.953Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000218223/dsa-2023-377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-43088",
        "datePublished": "2023-12-22T18:00:38.953Z",
        "dateReserved": "2023-09-15T07:03:52.367Z",
        "dateUpdated": "2024-08-02T19:37:23.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39251 (GCVE-0-2023-39251)

    Vulnerability from nvd – Published: 2023-12-22 17:55 – Updated: 2024-08-02 18:02
    VLAI
    Summary
    Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: Versions prior to 1.20.0
    Affected: Versions prior to 1.23.0
    Affected: Versions prior to 1.27.0
    Affected: Versions prior to 1.25.0
    Affected: Versions prior to 1.24.0
    Create a notification for this product.
    Date Public
    2023-12-19 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Inspiron 7510",
                "Inspiron 7610",
                "Latitude 5430 Rugged Laptop",
                "Latitude 5521",
                "Latitude 7330 Rugged Laptop",
                "Precision 3561",
                "Precision 5560",
                "Precision 5760",
                "Precision 7560",
                "Precision 7760",
                "Vostro 7510",
                "XPS 15 9510",
                "XPS 17 9710"
              ],
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 1.20.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.23.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.27.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.25.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.24.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2023-12-19T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T17:55:18.705Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-39251",
        "datePublished": "2023-12-22T17:55:18.705Z",
        "dateReserved": "2023-07-26T08:15:44.773Z",
        "dateUpdated": "2024-08-02T18:02:06.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0158 (GCVE-0-2024-0158)

    Vulnerability from cvelistv5 – Published: 2024-07-02 06:20 – Updated: 2024-08-01 17:41
    VLAI
    Summary
    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.23.0 (semver)
    Affected: N/A , < 1.15.0 (semver)
    Affected: N/A , < 1.2.1 (semver)
    Affected: N/A , < 1.12.1 (semver)
    Affected: N/A , < 1.2.0 (semver)
    Affected: N/A , < 1.20.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.26.0 (semver)
    Affected: N/A , < 1.27.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 1.29.0 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.25.0 (semver)
    Affected: N/A , < 1.31.0 (semver)
    Affected: N/A , < 2.27.0 (semver)
    Affected: N/A , < 2.35.0 (semver)
    Affected: N/A , < 2.39.0 (semver)
    Affected: N/A , < 1.17.0 (semver)
    Affected: N/A , < 1.24.0 (semver)
    Affected: N/A , < 2.26.0 (semver)
    Affected: N/A , < 1.13.1 (semver)
    Affected: N/A , < 2.25.0 (semver)
    Affected: N/A , < 1.3.1 (semver)
    Affected: N/A , < 1.18.0 (semver)
    Affected: N/A , < 1.21.0 (semver)
    Affected: N/A , < 1.22.0 (semver)
    Affected: N/A , < 1.9.0 (semver)
    Affected: N/A , < 1.3.0 (semver)
    Affected: N/A , < 1.30.0 (semver)
    Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.29..0 (semver)
    Affected: N/A , < 1.45.0 (semver)
    Affected: N/A , < 1.33.0 (semver)
    Affected: N/A , < 1.11.0 (semver)
    Affected: N/A , < 1.35.0 (semver)
    Affected: N/A , < 1.34.0 (semver)
    Affected: N/A , < 1.36.0 (semver)
    Affected: N/A , < 1.36.2 (semver)
    Affected: N/A , < 1.25.1 (semver)
    Affected: N/A , < 1.21.1 (semver)
    Affected: N/A , < 1.4.1 (semver)
    Affected: N/A , < 1.49.0 (semver)
    Affected: N/A , < 1.37.0 (semver)
    Affected: N/A , < 1.34.2 (semver)
    Affected: N/A , < 1.30.1 (semver)
    Affected: N/A , < 1.16.1 (semver)
    Affected: N/A , < 2.24.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 1.1.38 (semver)
    Affected: N/A , < 3.3.2 (semver)
    Affected: N/A , < 2.29.0 (semver)
    Affected: N/A , < 2.12.0 (semver)
    Affected: N/A , < 2.30.0 (semver)
    Affected: N/A , < 1.30.8 (semver)
    Affected: N/A , < 1.10.0 (semver)
    Affected: N/A , < 1.26.1 (semver)
    Affected: N/A , < 1.1.17 (semver)
    Affected: N/A , < 1.20.1 (semver)
    Affected: N/A , < 1.7.0 (semver)
    Affected: N/A , < 01.03.00 (semver)
    Affected: N/A , < 1.1.16 (semver)
    Affected: N/A , < 3.21.0 (semver)
    Affected: N/A , < 2.23.0 (semver)
    Affected: N/A , < 1.19.1 (semver)
    Affected: N/A , < 2.10.0 (semver)
    Affected: N/A , < 2.18.1 (semver)
    Affected: N/A , < 1.14.0 (semver)
    Create a notification for this product.
    Date Public
    2024-03-12 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T14:21:02.955425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T14:21:13.009Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.039Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.23.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.27.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.35.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.39.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.17.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.26.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.25.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.21.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.29..0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.45.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.33.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.11.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.35.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.34.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.36.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.36.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.21.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.4.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.49.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.37.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.34.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.30.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.24.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.38",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.3.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.30.8",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.10.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.17",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "01.03.00",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.16",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.21.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.23.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-03-12T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
                }
              ],
              "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T06:20:44.735Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-0158",
        "datePublished": "2024-07-02T06:20:44.735Z",
        "dateReserved": "2023-12-14T05:30:35.591Z",
        "dateUpdated": "2024-08-01T17:41:16.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32855 (GCVE-0-2024-32855)

    Vulnerability from cvelistv5 – Published: 2024-06-25 04:06 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.30.0 (semver)
    Affected: N/A , < 1.26.0 (semver)
    Affected: N/A , < 1.34.0 (semver)
    Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.25.0 (semver)
    Affected: N/A , < 1.24.0 (semver)
    Affected: N/A , < 1.31.0 (semver)
    Affected: N/A , < 1.36.0 (semver)
    Affected: N/A , < 1.35.0 (semver)
    Affected: N/A , < 1.29.0 (semver)
    Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.33.0 (semver)
    Affected: N/A , < 1.50.0 (semver)
    Affected: N/A , < 1.37.0 (semver)
    Affected: N/A , < 1.38.0 (semver)
    Affected: N/A , < 1.31.8 (semver)
    Create a notification for this product.
    Date Public
    2024-06-24 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32855",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-25T13:13:59.349457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-25T13:14:05.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000225627/dsa-2024-123"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.34.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.25.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.36.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.35.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.33.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.50.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.37.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.38.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.8",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-06-24T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-25T04:06:39.172Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000225627/dsa-2024-123"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32855",
        "datePublished": "2024-06-25T04:06:39.172Z",
        "dateReserved": "2024-04-19T09:34:13.526Z",
        "dateUpdated": "2024-08-02T02:20:35.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32860 (GCVE-0-2024-32860)

    Vulnerability from cvelistv5 – Published: 2024-06-13 13:00 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.0.24 (semver)
    Affected: N/A , < 1.1.25 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 2.7.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 2.6.0 (semver)
    Create a notification for this product.
    dell cpg_bios Affected: 0 , < 1.0.24 (semver)
    Affected: 0 , < 1.1.25 (semver)
    Affected: 0 , < 1.19.0 (semver)
    Affected: 0 , < 1.12.0 (semver)
    Affected: 0 , < 1.13.0 (semver)
    Affected: 0 , < 2.18.0 (semver)
    Affected: 0 , < 2.7.0 (semver)
    Affected: 0 , < 1.16.0 (semver)
    Affected: 0 , < 2.6.0 (semver)
        cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "cpg_bios",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.0.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.1.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "2.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "2.7.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "1.16.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  },
                  {
                    "lessThan": "2.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-20T13:49:01.558476Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-20T14:48:48.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.0.24",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.25",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T13:00:19.384Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32860",
        "datePublished": "2024-06-13T13:00:19.384Z",
        "dateReserved": "2024-04-19T09:34:13.527Z",
        "dateUpdated": "2024-08-02T02:20:35.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32858 (GCVE-0-2024-32858)

    Vulnerability from cvelistv5 – Published: 2024-06-13 12:48 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.8.0 (semver)
    Affected: N/A , < 1.0.24 (semver)
    Affected: N/A , < 1.1.25 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 2.7.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 2.6.0 (semver)
    Create a notification for this product.
    dell alienware_aurora_r10_firmware Affected: 0 , < 2.8.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r11_firmware Affected: 0 , < 1.0.24 (semver)
        cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r12_firmware Affected: 0 , < 1.1.25 (semver)
        cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r13_firmware Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r14_ryzen_edition_firmware Affected: 0 , < 2.18.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r15_firmware Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r15_amd_firmware Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r16_firmware Affected: 0 , < 2.7.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_3502_firmware Affected: 0 , < 1.16.0 (semver)
        cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_8950_firmware Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_8960_firmware Affected: 0 , < 2.6.0 (semver)
        cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r10_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.8.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r11_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.0.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r12_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.1.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r13_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r14_ryzen_edition_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r15_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r15_amd_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r16_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.7.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_3502_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.16.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_8950_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_8960_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32858",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T13:37:43.257078Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-13T16:09:43.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.666Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.0.24",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.25",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue"
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T12:48:29.724Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32858",
        "datePublished": "2024-06-13T12:48:29.724Z",
        "dateReserved": "2024-04-19T09:34:13.527Z",
        "dateUpdated": "2024-08-02T02:20:35.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32859 (GCVE-0-2024-32859)

    Vulnerability from cvelistv5 – Published: 2024-06-13 12:39 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.8.0 (semver)
    Affected: N/A , < 1.0.24 (semver)
    Affected: N/A , < 1.1.25 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 2.7.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 2.6.0 (semver)
    Create a notification for this product.
    dell alienware_aurora_r15_amd_firmware Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r16_firmware Affected: 0 , < 2.7.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r10_firmware Affected: 0 , < 2.8.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r11_firmware Affected: 0 , < 1.0.24 (semver)
        cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r12_firmware Affected: 0 , < 1.1.25 (semver)
        cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r13_firmware Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r14_ryzen_edition_firmware Affected: 0 , < 2.18.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_aurora_r15_firmware Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_3502_firmware Affected: 0 , < 1.16.0 (semver)
        cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_8950_firmware Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_8960_firmware Affected: 0 , < 2.6.0 (semver)
        cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r15_amd_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r16_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.7.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r10_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.8.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r11_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.0.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r12_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.1.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r13_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r14_ryzen_edition_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_aurora_r15_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_3502_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.16.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_8950_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_8960_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.6.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T13:39:08.008139Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-13T16:01:53.774Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.0.24",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.25",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue"
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T12:39:41.863Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32859",
        "datePublished": "2024-06-13T12:39:41.863Z",
        "dateReserved": "2024-04-19T09:34:13.527Z",
        "dateUpdated": "2024-08-02T02:20:35.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32856 (GCVE-0-2024-32856)

    Vulnerability from cvelistv5 – Published: 2024-06-13 11:51 – Updated: 2024-08-02 02:20
    VLAI
    Summary
    Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.8.0 (semver)
    Affected: N/A , < 1.0.24 (semver)
    Affected: N/A , < 1.1.25 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 2.18.0 (semver)
    Affected: N/A , < 2.7.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T13:07:26.971457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-17T13:07:31.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:20:35.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.8.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.0.24",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.25",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.7.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."
                }
              ],
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-13T11:51:03.183Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-32856",
        "datePublished": "2024-06-13T11:51:03.183Z",
        "dateReserved": "2024-04-19T09:34:13.526Z",
        "dateUpdated": "2024-08-02T02:20:35.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28970 (GCVE-0-2024-28970)

    Vulnerability from cvelistv5 – Published: 2024-06-12 06:51 – Updated: 2024-08-02 01:03
    VLAI
    Summary
    Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.6.0 (semver)
    Affected: N/A , < 1.4.0 (semver)
    Affected: N/A , < 1.11.0 (semver)
    Affected: N/A , < 1.30.0 (semver)
    Affected: N/A , < 2.14.0 (semver)
    Create a notification for this product.
    Credits
    Dell would like to thank Maxim Suhanov for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28970",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T13:11:36.237352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T13:11:44.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:03:51.496Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.4.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.11.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell would like to thank Maxim Suhanov for reporting this issue"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service."
                }
              ],
              "value": "Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-12T06:51:49.004Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-28970",
        "datePublished": "2024-06-12T06:51:49.004Z",
        "dateReserved": "2024-03-13T15:42:12.961Z",
        "dateUpdated": "2024-08-02T01:03:51.496Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0160 (GCVE-0-2024-0160)

    Vulnerability from cvelistv5 – Published: 2024-06-12 06:41 – Updated: 2024-08-01 17:41
    VLAI
    Summary
    Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.32.0 (semver)
    Create a notification for this product.
    dell cpg_bios Affected: 0 , < 1.32.0 (custom)
        cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 06:30
    Credits
    Dell would like to thank Ben McEwan, Penetration Tester at Bridewell (www.bridewell.com) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cpg_bios",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T13:17:14.905056Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T13:19:06.076Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell would like to thank Ben McEwan, Penetration Tester at Bridewell (www.bridewell.com) for reporting this issue."
            }
          ],
          "datePublic": "2024-06-11T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS."
                }
              ],
              "value": "Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-12T06:41:33.041Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-0160",
        "datePublished": "2024-06-12T06:41:33.041Z",
        "dateReserved": "2023-12-14T05:30:38.641Z",
        "dateUpdated": "2024-08-01T17:41:16.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32475 (GCVE-0-2023-32475)

    Vulnerability from cvelistv5 – Published: 2024-06-07 02:13 – Updated: 2024-08-02 15:18
    VLAI
    Summary
    Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-353 - Missing Support for Integrity Check
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.6.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Unaffected: N/A , < 2.16.0 (semver)
    Affected: N/A , < 1.15.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 1.9.0 (semver)
    Affected: N/A , < 1.5.0 (semver)
    Affected: N/A , < 1.18.0 (semver)
    Affected: N/A , < 1.8.0 (semver)
    Affected: N/A , < 1.15.1 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.17.0 (semver)
    Affected: N/A , < 1.14.0 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Create a notification for this product.
    dell cpg_bios Affected: 0 , ≤ 2.6 (custom)
        cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-12-12 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "cpg_bios",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThanOrEqual": "2.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32475",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T16:59:56.060370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T17:00:46.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.6.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.16.0",
                  "status": "unaffected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.5.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.8.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.15.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.17.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-12-12T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
                }
              ],
              "value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-353",
                  "description": "CWE-353: Missing Support for Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-07T02:13:17.515Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-32475",
        "datePublished": "2024-06-07T02:13:17.515Z",
        "dateReserved": "2023-05-09T06:07:41.365Z",
        "dateUpdated": "2024-08-02T15:18:37.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22429 (GCVE-0-2024-22429)

    Vulnerability from cvelistv5 – Published: 2024-05-17 15:20 – Updated: 2024-08-01 22:43
    VLAI
    Summary
    Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 2.36.0 (semver)
    Affected: N/A , < 1.18.0 (semver)
    Affected: N/A , < 1.46.0 (semver)
    Affected: N/A , < 1.27.0 (semver)
    Affected: N/A , < 1.29.0 (semver)
    Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.31.0 (semver)
    Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.50.0 (semver)
    Affected: N/A , < 2.30.0 (semver)
    Create a notification for this product.
    dell edge_gateway_3000_firmware Affected: 0 , < 1.18.0 (semver)
        cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_13_3380 Affected: 0 , < 1.27.0 (semver)
        cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_3180_firmware Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_3189_firmware Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_3390_2-in-1 Affected: 0 , < 1.31.0 (semver)
        cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5414_firmware Affected: 0 , < 1.46.0 (semver)
        cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5424_firmware Affected: 0 , < 1.32.0 (semver)
        cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7414_rugged_extreme_firmware Affected: 0 , < 1.46.0 (semver)
        cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3420_tower Affected: 0 , < 2.30.0 (semver)
        cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3620_tower Affected: 0 , < 2.30.0 (semver)
        cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5280_firmware Affected: 0 , < 2.36.0 (semver)
        cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_12_rugged_extreme_7214_firmware Affected: 0 , < 1.46.0 (semver)
        cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_3300_firmware Affected: 0 , < 1.28.0 (semver)
        cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7212_rugged_extreme_tablet_firmware Affected: 0 , < 1.50.0 (semver)
        cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dell wyse_5070 Affected: 0 , < 1.31.0 (semver)
        cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-14 06:30
    Credits
    Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edge_gateway_3000_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.18.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_13_3380",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.27.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_3180_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_3189_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_3390_2-in-1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.31.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_5414_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.46.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_5424_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_7414_rugged_extreme_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.46.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "precision_3420_tower",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.30.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "precision_3620_tower",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.30.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_5280_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.36.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_12_rugged_extreme_7214_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.46.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_3300_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.28.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "latitude_7212_rugged_extreme_tablet_firmware",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.50.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wyse_5070",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.31.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22429",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T13:54:51.026876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T14:03:23.200Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:35.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.36.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.18.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.46.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.50.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.30.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue."
            }
          ],
          "datePublic": "2024-05-14T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
                }
              ],
              "value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-17T15:20:16.147Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-22429",
        "datePublished": "2024-05-17T15:20:16.147Z",
        "dateReserved": "2024-01-10T15:23:01.337Z",
        "dateUpdated": "2024-08-01T22:43:35.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22448 (GCVE-0-2024-22448)

    Vulnerability from cvelistv5 – Published: 2024-04-10 07:30 – Updated: 2024-08-01 22:43
    VLAI
    Summary
    Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.29.0 (semver)
    Affected: N/A , < 1.16.0 (semver)
    Affected: N/A , < 1.13.0 (semver)
    Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.14.0 (semver)
    Affected: N/A , < 1.31.0 (semver)
    Affected: N/A , < 1.31.1 (semver)
    Affected: N/A , < 1.31.2 (semver)
    Affected: N/A , < 1.31.3 (semver)
    Affected: N/A , < 1.31.4 (semver)
    Affected: N/A , < 1.31.5 (semver)
    Affected: N/A , < 1.31.6 (semver)
    Affected: N/A , < 1.31.7 (semver)
    Affected: N/A , < 1.31.8 (semver)
    Affected: N/A , < 1.31.9 (semver)
    Affected: N/A , < 1.31.10 (semver)
    Affected: N/A , < 1.31.11 (semver)
    Affected: N/A , < 1.31.12 (semver)
    Affected: N/A , < 1.31.13 (semver)
    Affected: N/A , < 1.31.14 (semver)
    Affected: N/A , < 1.31.15 (semver)
    Affected: N/A , < 1.31.16 (semver)
    Create a notification for this product.
    dell alienware_16_r1 Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:a:dell:alienware_16_r1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_15_r6 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:a:dell:alienware_15_r6:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_18_r1 Affected: 0 , < 1.16.0 (semver)
        cpe:2.3:a:dell:alienware_18_r1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell alienware_14_r2 Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:a:dell:alienware_14_r2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g15_5511 Affected: 0 , < 1.28.0 (semver)
        cpe:2.3:h:dell:g15_5511:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g15_5530 Affected: 0 , < 1.14.0 (semver)
        cpe:2.3:h:dell:g15_5530:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g16_7620 Affected: 0 , < 1.14.0 (semver)
        cpe:2.3:h:dell:g16_7620:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g3_3500 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g5_5500 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g7_7500 Affected: 0 , < 1.31.0 (semver)
        cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell g7_7700 Affected: 0 , < 1.31.0 (semver)
        cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_13_5330 Affected: 0 , < 1.14.0 (semver)
        cpe:2.3:h:dell:inspiron_13_5330:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_15_3530 Affected: 0 , < 1.10.0 (semver)
        cpe:2.3:a:dell:inspiron_15_3530:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_3030s Affected: 0 , < 1.3.0 (semver)
        cpe:2.3:a:dell:inspiron_3030s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5301 Affected: 0 , < 1.32.0 (semver)
        cpe:2.3:h:dell:inspiron_5301:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5400 Affected: 0 , < 1.27.0 (semver)
        cpe:2.3:h:dell:inspiron_5400:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5401 Affected: 0 , < 1.27.0 (semver)
        cpe:2.3:h:dell:inspiron_5401:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5402 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5409 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5502 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_5509 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_7300 Affected: - , < 1.32.0 (semver)
        cpe:2.3:h:dell:inspiron_7300:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_7400 Affected: 0 , < 1.32.0 (semver)
        cpe:2.3:h:dell:inspiron_7400:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell inspiron_7700_aio Affected: 0 , < 1.27.0 (semver)
        cpe:2.3:h:dell:inspiron_7700_aio:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5310 Affected: 0 , < 1.23.0 (semver)
        cpe:2.3:h:dell:latitude_5310:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5310_2_in_1 Affected: 0 , < 1.23.0 (semver)
        cpe:2.3:h:dell:latitude_5310_2_in_1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5330 Affected: 0 , < 1.321.0 (semver)
        cpe:2.3:h:dell:latitude_5330:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5340 Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:a:dell:latitude_5340:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5531 Affected: - , < 1.22.0 (semver)
        cpe:2.3:h:dell:latitude_5531:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_5540 Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:a:dell:latitude_5540:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7320 Affected: - , < 1.34.0 (semver)
        cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7340 Affected: 0 , < 1.13.0 (semver)
        cpe:2.3:a:dell:latitude_7340:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7420 Affected: - , < 1.34.0 (semver)
        cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_7520 Affected: 0 , < 1.34.0 (semver)
        cpe:2.3:h:dell:latitude_7520:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_9330 Affected: 0 , < 1.19.0 (semver)
        cpe:2.3:h:dell:latitude_9330:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_9420 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:latitude_9420:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_9430 Affected: - , < 1.22.0 (semver)
        cpe:2.3:h:dell:latitude_9430:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell latitude_9440_2in1 Affected: 0 , < 1.10.0 (semver)
        cpe:2.3:a:dell:latitude_9440_2in1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell optiplex_micro_7010 Affected: 0 , < 1.13.1 (semver)
        cpe:2.3:h:dell:optiplex_micro_7010:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell optiplex_small_form_factor_7010 Affected: 0 , < 1.13.1 (semver)
        cpe:2.3:h:dell:optiplex_small_form_factor_7010:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell optiplex_tower_7010 Affected: 0 , < 1.13.1 (semver)
        cpe:2.3:h:dell:optiplex_tower_7010:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3440 Affected: 0 , < 1.25.0 (semver)
        cpe:2.3:h:dell:precision_3440:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3571 Affected: 0 , < 1.22.0 (semver)
        cpe:2.3:h:dell:precision_3571:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3580 Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:a:dell:precision_3580:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3581 Affected: 0 , < 1.12.0 (semver)
        cpe:2.3:h:dell:precision_3581:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_3660 Affected: - , < 2.13.0 (semver)
        cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_5570 Affected: 0 , < 1.22.0 (semver)
        cpe:2.3:h:dell:precision_5570:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_5750 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell precision_5770 Affected: 0 , < 1.24.0 (semver)
        cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_14_3430 Affected: 0 , < 1.10.0 (semver)
        cpe:2.3:h:dell:vostro_14_3430:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_15_3530 Affected: 0 , < 1.10.0 (semver)
        cpe:2.3:h:dell:vostro_15_3530:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_3030s Affected: 0 , < 1.3.0 (semver)
        cpe:2.3:h:dell:vostro_3030s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_5301 Affected: 0 , < 1.32.0 (semver)
        cpe:2.3:h:dell:vostro_5301:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_5402 Affected: 0 , < 1.29.0 (semver)
        cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_5502 Affected: - , < 1.29.0 (semver)
        cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell vostro_5880 Affected: 0 , < 1.25.0 (semver)
        cpe:2.3:h:dell:vostro_5880:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_17_9700 Affected: 0 , < 1.24.0 (semver)
        cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_17_9730 Affected: 0 , < 1.11.0 (semver)
        cpe:2.3:h:dell:xps_17_9730:-:*:*:*:*:*:*:*
    Create a notification for this product.
    dell xps_9315_2in1 Affected: 0 , < 1.15.0 (semver)
        cpe:2.3:h:dell:xps_9315_2in1:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-04-09 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dell:alienware_16_r1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_16_r1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:alienware_15_r6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_15_r6",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:alienware_18_r1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_18_r1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.16.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:alienware_14_r2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "alienware_14_r2",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g15_5511:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g15_5511",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.28.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g15_5530:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g15_5530",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g16_7620:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g16_7620",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g3_3500",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g5_5500",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g7_7500",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.31.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "g7_7700",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.31.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_13_5330:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_13_5330",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:inspiron_15_3530:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_15_3530",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.10.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:inspiron_3030s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_3030s",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5301:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5301",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5400:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5400",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.27.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5401:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5401",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.27.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5402",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5409",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5502",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_5509",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_7300:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_7300",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_7400:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_7400",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:inspiron_7700_aio:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inspiron_7700_aio",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.27.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_5310:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5310",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.23.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_5310_2_in_1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5310_2_in_1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.23.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_5330:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5330",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.321.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_5340:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5340",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_5531:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5531",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.22.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_5540:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_5540",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_7320",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.34.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_7340:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_7340",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_7420",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.34.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_7520:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_7520",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.34.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_9330:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_9330",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_9420:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_9420",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:latitude_9430:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_9430",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.22.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:latitude_9440_2in1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "latitude_9440_2in1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.10.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:optiplex_micro_7010:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "optiplex_micro_7010",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:optiplex_small_form_factor_7010:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "optiplex_small_form_factor_7010",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:optiplex_tower_7010:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "optiplex_tower_7010",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.13.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3440:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3440",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.25.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3571:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3571",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.22.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:dell:precision_3580:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3580",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3581:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3581",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.12.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_3660",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.13.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_5570:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_5570",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.22.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_5750",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "precision_5770",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.24.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_14_3430:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_14_3430",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.10.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_15_3530:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_15_3530",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.10.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_3030s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_3030s",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_5301:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_5301",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.32.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_5402",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_5502",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.29.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:vostro_5880:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "vostro_5880",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.25.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_17_9700",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.24.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:xps_17_9730:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_17_9730",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.11.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:dell:xps_9315_2in1:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xps_9315_2in1",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "1.15.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-22T16:57:10.462584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:52:58.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.29.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.16.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.3",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.4",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.5",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.6",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.7",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.8",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.9",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.10",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.11",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.12",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.13",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.14",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.15",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.31.16",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2024-04-09T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service."
                }
              ],
              "value": "Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-10T07:30:08.507Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000221744/dsa-2024-066"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-22448",
        "datePublished": "2024-04-10T07:30:08.507Z",
        "dateReserved": "2024-01-10T15:26:10.250Z",
        "dateUpdated": "2024-08-01T22:43:34.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-48674 (GCVE-0-2023-48674)

    Vulnerability from cvelistv5 – Published: 2024-03-01 12:35 – Updated: 2024-08-02 21:37
    VLAI
    Summary
    Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: N/A , < 1.28.0 (semver)
    Affected: N/A , < 1.27.1 (semver)
    Affected: N/A , < 1.24.0 (semver)
    Affected: N/A , < 1.12.0 (semver)
    Affected: N/A , < 1.32.0 (semver)
    Affected: N/A , < 1.26.0 (semver)
    Affected: N/A , < 1.27.0 (semver)
    Affected: N/A , < 1.11.0 (semver)
    Affected: N/A , < 1.20.0 (semver)
    Affected: N/A , < 1.9.0 (semver)
    Affected: N/A , < 3.20.0 (semver)
    Affected: N/A , < 1.17.0 (semver)
    Create a notification for this product.
    Date Public
    2024-02-13 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-48674",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T19:14:09.277249Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:37.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:37:54.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.28.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.24.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.12.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.32.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.26.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.27.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.11.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.9.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "3.20.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.17.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
                }
              ],
              "value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170: Improper Null Termination",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-01T12:49:58.995Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-48674",
        "datePublished": "2024-03-01T12:35:56.866Z",
        "dateReserved": "2023-11-17T06:17:23.509Z",
        "dateUpdated": "2024-08-02T21:37:54.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28063 (GCVE-0-2023-28063)

    Vulnerability from cvelistv5 – Published: 2024-02-06 07:38 – Updated: 2024-08-02 12:30
    VLAI
    Summary
    Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-195 - Signed to Unsigned Conversion Error
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: 1.24.0
    Affected: 1.17.0
    Affected: 1.13.0
    Affected: 1.5.1
    Affected: 1.21.0
    Affected: 1.20.0
    Affected: 1.23.0
    Affected: 1.26.0
    Affected: 1.25.0
    Affected: 1.15.0
    Affected: 1.12.0
    Affected: 2.20.0
    Affected: 1.14.0
    Affected: 1.27.0
    Affected: 1.19.0
    Affected: 1.22.1
    Affected: 2.21.0
    Affected: 1.18.0
    Affected: 1.7.0
    Affected: 1.28.0
    Affected: 1.22.0
    Affected: 1.29.0
    Affected: 1.30.0
    Affected: 1.11.0
    Affected: 1.13.1
    Affected: 1.26.1
    Affected: 1.13.2
    Affected: 1.14.1
    Affected: 1.33.0
    Affected: 1.31.0
    Affected: 1.12.1
    Affected: 1.18.1
    Affected: 1.10.0
    Affected: 2.14.0
    Affected: 1.1.28
    Affected: 1.4.1
    Affected: 2.5.1
    Affected: 2.4.0
    Affected: 2.6.1
    Affected: 1.26.8
    Affected: 1.24.1
    Affected: 1.17.1
    Affected: 1.29.1
    Affected: 1.1.0
    Affected: 1.16.0
    Affected: 3.17.0
    Affected: 2.19.0
    Affected: 1.8.1
    Create a notification for this product.
    Date Public
    2023-06-13 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28063",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-06T17:07:13.502616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:21:34.998Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:23.947Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000214780/dsa-2023-176-dell-client-bios-security-update-for-a-signed-to-unsigned-conversion-error-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "2.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "2.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.28.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.29.0"
                },
                {
                  "status": "affected",
                  "version": "1.30.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.33.0"
                },
                {
                  "status": "affected",
                  "version": "1.31.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "2.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.28"
                },
                {
                  "status": "affected",
                  "version": "1.4.1"
                },
                {
                  "status": "affected",
                  "version": "2.5.1"
                },
                {
                  "status": "affected",
                  "version": "2.4.0"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "1.26.8"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.29.1"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "3.17.0"
                },
                {
                  "status": "affected",
                  "version": "2.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-195",
                  "description": "CWE-195: Signed to Unsigned Conversion Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-06T07:38:54.321Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000214780/dsa-2023-176-dell-client-bios-security-update-for-a-signed-to-unsigned-conversion-error-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-28063",
        "datePublished": "2024-02-06T07:38:54.321Z",
        "dateReserved": "2023-03-10T05:06:06.441Z",
        "dateUpdated": "2024-08-02T12:30:23.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43088 (GCVE-0-2023-43088)

    Vulnerability from cvelistv5 – Published: 2023-12-22 18:00 – Updated: 2024-08-02 19:37
    VLAI
    Summary
    Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: Versions prior to 1.5.0
    Create a notification for this product.
    Date Public
    2023-12-19 06:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.719Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000218223/dsa-2023-377"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Precision 7865 Tower"
              ],
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 1.5.0"
                }
              ]
            }
          ],
          "datePublic": "2023-12-19T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-16",
                  "description": "CWE-16: Configuration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T18:00:38.953Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000218223/dsa-2023-377"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-43088",
        "datePublished": "2023-12-22T18:00:38.953Z",
        "dateReserved": "2023-09-15T07:03:52.367Z",
        "dateUpdated": "2024-08-02T19:37:23.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }