Search
Find a vulnerability
Search criteria
12 vulnerabilities found for alienware_aurora_r15_amd_firmware by dell
CVE-2024-39584 (GCVE-0-2024-39584)
Vulnerability from nvd – Published: 2024-08-28 05:46 – Updated: 2024-08-28 14:15
VLAI
Summary
Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022759… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Client Platform BIOS |
Affected:
N/A , < 1.29.0
(semver)
Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.21.0 (semver) Affected: N/A , < 1.24.0 (semver) |
|
| dell | alienware_m17_r3_firmware |
Affected:
0 , < 1.29.0
(semver)
cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dell:alienware_m15_r3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dell:alienware_m17_r3_firmware:-:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r15_amd_firmware |
Affected:
0 , < 1.15.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_x14_firmware |
Affected:
0 , < 1.21.0
(semver)
cpe:2.3:o:dell:alienware_x14_firmware:-:*:*:*:*:*:*:* |
|
| dell | alienware_x15_r1_firmware |
Affected:
0 , < 1.24.0
(semver)
cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-08-27 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:dell:alienware_m15_r3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:dell:alienware_m17_r3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alienware_m17_r3_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alienware_aurora_r15_amd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.15.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_x14_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alienware_x14_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alienware_x15_r1_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.24.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:02:49.780082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:15:01.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Client Platform BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.24.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CVE-2024-39584: Dell Technologies would like to thank BINARLY REsearch team for reporting this issue."
}
],
"datePublic": "2024-08-27T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution."
}
],
"value": "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T05:46:40.013Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-39584",
"datePublished": "2024-08-28T05:46:40.013Z",
"dateReserved": "2024-06-26T02:16:08.993Z",
"dateUpdated": "2024-08-28T14:15:01.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32860 (GCVE-0-2024-32860)
Vulnerability from nvd – Published: 2024-06-13 13:00 – Updated: 2024-08-02 02:20
VLAI
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022344… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 1.0.24
(semver)
Affected: N/A , < 1.1.25 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 2.7.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 2.6.0 (semver) |
|
| dell | cpg_bios |
Affected:
0 , < 1.0.24
(semver)
Affected: 0 , < 1.1.25 (semver) Affected: 0 , < 1.19.0 (semver) Affected: 0 , < 1.12.0 (semver) Affected: 0 , < 1.13.0 (semver) Affected: 0 , < 2.18.0 (semver) Affected: 0 , < 2.7.0 (semver) Affected: 0 , < 1.16.0 (semver) Affected: 0 , < 2.6.0 (semver) cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:* |
Date Public
2024-06-11 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cpg_bios",
"vendor": "dell",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T13:49:01.558476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T14:48:48.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Eason for reporting this issue."
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T13:00:19.384Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-32860",
"datePublished": "2024-06-13T13:00:19.384Z",
"dateReserved": "2024-04-19T09:34:13.527Z",
"dateUpdated": "2024-08-02T02:20:35.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32859 (GCVE-0-2024-32859)
Vulnerability from nvd – Published: 2024-06-13 12:39 – Updated: 2024-08-02 02:20
VLAI
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022343… | vendor-advisory |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.8.0
(semver)
Affected: N/A , < 1.0.24 (semver) Affected: N/A , < 1.1.25 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 2.7.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 2.6.0 (semver) |
|
| dell | alienware_aurora_r15_amd_firmware |
Affected:
0 , < 1.13.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r16_firmware |
Affected:
0 , < 2.7.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r10_firmware |
Affected:
0 , < 2.8.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r11_firmware |
Affected:
0 , < 1.0.24
(semver)
cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r12_firmware |
Affected:
0 , < 1.1.25
(semver)
cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r13_firmware |
Affected:
0 , < 1.19.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r14_ryzen_edition_firmware |
Affected:
0 , < 2.18.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r15_firmware |
Affected:
0 , < 1.12.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:* |
|
| dell | inspiron_3502_firmware |
Affected:
0 , < 1.16.0
(semver)
cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:* |
|
| dell | xps_8950_firmware |
Affected:
0 , < 1.19.0
(semver)
cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:* |
|
| dell | xps_8960_firmware |
Affected:
0 , < 2.6.0
(semver)
cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-06-11 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r15_amd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r16_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r10_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r11_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r12_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.25",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r13_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r14_ryzen_edition_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r15_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "inspiron_3502_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.16.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xps_8950_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xps_8960_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T13:39:08.008139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:01:53.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.0.24",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Eason for reporting this issue"
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T12:39:41.863Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-32859",
"datePublished": "2024-06-13T12:39:41.863Z",
"dateReserved": "2024-04-19T09:34:13.527Z",
"dateUpdated": "2024-08-02T02:20:35.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32858 (GCVE-0-2024-32858)
Vulnerability from nvd – Published: 2024-06-13 12:48 – Updated: 2024-08-02 02:20
VLAI
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022343… | vendor-advisory |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.8.0
(semver)
Affected: N/A , < 1.0.24 (semver) Affected: N/A , < 1.1.25 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 2.7.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 2.6.0 (semver) |
|
| dell | alienware_aurora_r10_firmware |
Affected:
0 , < 2.8.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r11_firmware |
Affected:
0 , < 1.0.24
(semver)
cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r12_firmware |
Affected:
0 , < 1.1.25
(semver)
cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r13_firmware |
Affected:
0 , < 1.19.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r14_ryzen_edition_firmware |
Affected:
0 , < 2.18.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r15_firmware |
Affected:
0 , < 1.12.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r15_amd_firmware |
Affected:
0 , < 1.13.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r16_firmware |
Affected:
0 , < 2.7.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:* |
|
| dell | inspiron_3502_firmware |
Affected:
0 , < 1.16.0
(semver)
cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:* |
|
| dell | xps_8950_firmware |
Affected:
0 , < 1.19.0
(semver)
cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:* |
|
| dell | xps_8960_firmware |
Affected:
0 , < 2.6.0
(semver)
cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-06-11 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r10_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r11_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r12_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.25",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r13_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r14_ryzen_edition_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r15_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r15_amd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r16_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "inspiron_3502_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.16.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xps_8950_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xps_8960_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T13:37:43.257078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:09:43.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.0.24",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Eason for reporting this issue"
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T12:48:29.724Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-32858",
"datePublished": "2024-06-13T12:48:29.724Z",
"dateReserved": "2024-04-19T09:34:13.527Z",
"dateUpdated": "2024-08-02T02:20:35.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32856 (GCVE-0-2024-32856)
Vulnerability from nvd – Published: 2024-06-13 11:51 – Updated: 2024-08-02 02:20
VLAI
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022174… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.8.0
(semver)
Affected: N/A , < 1.0.24 (semver) Affected: N/A , < 1.1.25 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 2.7.0 (semver) Affected: N/A , < 1.16.0 (semver) |
Date Public
2024-06-11 06:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:07:26.971457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T13:07:31.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.0.24",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Eason for reporting this issue."
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."
}
],
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T11:51:03.183Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-32856",
"datePublished": "2024-06-13T11:51:03.183Z",
"dateReserved": "2024-04-19T09:34:13.526Z",
"dateUpdated": "2024-08-02T02:20:35.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32475 (GCVE-0-2023-32475)
Vulnerability from nvd – Published: 2024-06-07 02:13 – Updated: 2024-08-02 15:18
VLAI
Summary
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-353 - Missing Support for Integrity Check
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021564… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.6.0
(semver)
Affected: N/A , < 1.13.0 (semver) Unaffected: N/A , < 2.16.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.5.0 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.8.0 (semver) Affected: N/A , < 1.15.1 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.14.0 (semver) Affected: N/A , < 1.19.0 (semver) |
|
| dell | cpg_bios |
Affected:
0 , ≤ 2.6
(custom)
cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:* |
Date Public
2023-12-12 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "cpg_bios",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T16:59:56.060370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T17:00:46.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.16.0",
"status": "unaffected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.5.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-12-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
}
],
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-353",
"description": "CWE-353: Missing Support for Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T02:13:17.515Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32475",
"datePublished": "2024-06-07T02:13:17.515Z",
"dateReserved": "2023-05-09T06:07:41.365Z",
"dateUpdated": "2024-08-02T15:18:37.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39584 (GCVE-0-2024-39584)
Vulnerability from cvelistv5 – Published: 2024-08-28 05:46 – Updated: 2024-08-28 14:15
VLAI
Summary
Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022759… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Client Platform BIOS |
Affected:
N/A , < 1.29.0
(semver)
Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.21.0 (semver) Affected: N/A , < 1.24.0 (semver) |
|
| dell | alienware_m17_r3_firmware |
Affected:
0 , < 1.29.0
(semver)
cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dell:alienware_m15_r3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dell:alienware_m17_r3_firmware:-:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r15_amd_firmware |
Affected:
0 , < 1.15.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_x14_firmware |
Affected:
0 , < 1.21.0
(semver)
cpe:2.3:o:dell:alienware_x14_firmware:-:*:*:*:*:*:*:* |
|
| dell | alienware_x15_r1_firmware |
Affected:
0 , < 1.24.0
(semver)
cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-08-27 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:dell:alienware_m15_r3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:dell:alienware_m17_r3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alienware_m17_r3_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alienware_aurora_r15_amd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.15.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_x14_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alienware_x14_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "alienware_x15_r1_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.24.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:02:49.780082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:15:01.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Client Platform BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.24.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CVE-2024-39584: Dell Technologies would like to thank BINARLY REsearch team for reporting this issue."
}
],
"datePublic": "2024-08-27T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution."
}
],
"value": "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T05:46:40.013Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-39584",
"datePublished": "2024-08-28T05:46:40.013Z",
"dateReserved": "2024-06-26T02:16:08.993Z",
"dateUpdated": "2024-08-28T14:15:01.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32860 (GCVE-0-2024-32860)
Vulnerability from cvelistv5 – Published: 2024-06-13 13:00 – Updated: 2024-08-02 02:20
VLAI
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022344… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 1.0.24
(semver)
Affected: N/A , < 1.1.25 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 2.7.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 2.6.0 (semver) |
|
| dell | cpg_bios |
Affected:
0 , < 1.0.24
(semver)
Affected: 0 , < 1.1.25 (semver) Affected: 0 , < 1.19.0 (semver) Affected: 0 , < 1.12.0 (semver) Affected: 0 , < 1.13.0 (semver) Affected: 0 , < 2.18.0 (semver) Affected: 0 , < 2.7.0 (semver) Affected: 0 , < 1.16.0 (semver) Affected: 0 , < 2.6.0 (semver) cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:* |
Date Public
2024-06-11 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cpg_bios",
"vendor": "dell",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T13:49:01.558476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T14:48:48.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Eason for reporting this issue."
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T13:00:19.384Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223440/dsa-2024-125"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-32860",
"datePublished": "2024-06-13T13:00:19.384Z",
"dateReserved": "2024-04-19T09:34:13.527Z",
"dateUpdated": "2024-08-02T02:20:35.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32858 (GCVE-0-2024-32858)
Vulnerability from cvelistv5 – Published: 2024-06-13 12:48 – Updated: 2024-08-02 02:20
VLAI
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022343… | vendor-advisory |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.8.0
(semver)
Affected: N/A , < 1.0.24 (semver) Affected: N/A , < 1.1.25 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 2.7.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 2.6.0 (semver) |
|
| dell | alienware_aurora_r10_firmware |
Affected:
0 , < 2.8.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r11_firmware |
Affected:
0 , < 1.0.24
(semver)
cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r12_firmware |
Affected:
0 , < 1.1.25
(semver)
cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r13_firmware |
Affected:
0 , < 1.19.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r14_ryzen_edition_firmware |
Affected:
0 , < 2.18.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r15_firmware |
Affected:
0 , < 1.12.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r15_amd_firmware |
Affected:
0 , < 1.13.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r16_firmware |
Affected:
0 , < 2.7.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:* |
|
| dell | inspiron_3502_firmware |
Affected:
0 , < 1.16.0
(semver)
cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:* |
|
| dell | xps_8950_firmware |
Affected:
0 , < 1.19.0
(semver)
cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:* |
|
| dell | xps_8960_firmware |
Affected:
0 , < 2.6.0
(semver)
cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-06-11 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r10_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r11_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r12_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.25",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r13_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r14_ryzen_edition_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r15_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r15_amd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r16_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "inspiron_3502_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.16.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xps_8950_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xps_8960_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T13:37:43.257078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:09:43.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.0.24",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Eason for reporting this issue"
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T12:48:29.724Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-32858",
"datePublished": "2024-06-13T12:48:29.724Z",
"dateReserved": "2024-04-19T09:34:13.527Z",
"dateUpdated": "2024-08-02T02:20:35.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32859 (GCVE-0-2024-32859)
Vulnerability from cvelistv5 – Published: 2024-06-13 12:39 – Updated: 2024-08-02 02:20
VLAI
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022343… | vendor-advisory |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.8.0
(semver)
Affected: N/A , < 1.0.24 (semver) Affected: N/A , < 1.1.25 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 2.7.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 2.6.0 (semver) |
|
| dell | alienware_aurora_r15_amd_firmware |
Affected:
0 , < 1.13.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r16_firmware |
Affected:
0 , < 2.7.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r10_firmware |
Affected:
0 , < 2.8.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r11_firmware |
Affected:
0 , < 1.0.24
(semver)
cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r12_firmware |
Affected:
0 , < 1.1.25
(semver)
cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r13_firmware |
Affected:
0 , < 1.19.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r14_ryzen_edition_firmware |
Affected:
0 , < 2.18.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:* |
|
| dell | alienware_aurora_r15_firmware |
Affected:
0 , < 1.12.0
(semver)
cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:* |
|
| dell | inspiron_3502_firmware |
Affected:
0 , < 1.16.0
(semver)
cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:* |
|
| dell | xps_8950_firmware |
Affected:
0 , < 1.19.0
(semver)
cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:* |
|
| dell | xps_8960_firmware |
Affected:
0 , < 2.6.0
(semver)
cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-06-11 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r15_amd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r16_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r10_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r11_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.0.24",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r12_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.25",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r13_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r14_ryzen_edition_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alienware_aurora_r15_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "inspiron_3502_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.16.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xps_8950_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.19.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xps_8960_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T13:39:08.008139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:01:53.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.0.24",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Eason for reporting this issue"
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T12:39:41.863Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-32859",
"datePublished": "2024-06-13T12:39:41.863Z",
"dateReserved": "2024-04-19T09:34:13.527Z",
"dateUpdated": "2024-08-02T02:20:35.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32856 (GCVE-0-2024-32856)
Vulnerability from cvelistv5 – Published: 2024-06-13 11:51 – Updated: 2024-08-02 02:20
VLAI
Summary
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022174… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.8.0
(semver)
Affected: N/A , < 1.0.24 (semver) Affected: N/A , < 1.1.25 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 2.7.0 (semver) Affected: N/A , < 1.16.0 (semver) |
Date Public
2024-06-11 06:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:07:26.971457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T13:07:31.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.0.24",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.25",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank Eason for reporting this issue."
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."
}
],
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T11:51:03.183Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-32856",
"datePublished": "2024-06-13T11:51:03.183Z",
"dateReserved": "2024-04-19T09:34:13.526Z",
"dateUpdated": "2024-08-02T02:20:35.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32475 (GCVE-0-2023-32475)
Vulnerability from cvelistv5 – Published: 2024-06-07 02:13 – Updated: 2024-08-02 15:18
VLAI
Summary
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-353 - Missing Support for Integrity Check
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021564… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.6.0
(semver)
Affected: N/A , < 1.13.0 (semver) Unaffected: N/A , < 2.16.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.5.0 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.8.0 (semver) Affected: N/A , < 1.15.1 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.14.0 (semver) Affected: N/A , < 1.19.0 (semver) |
|
| dell | cpg_bios |
Affected:
0 , ≤ 2.6
(custom)
cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:* |
Date Public
2023-12-12 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "cpg_bios",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T16:59:56.060370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T17:00:46.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.16.0",
"status": "unaffected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.5.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-12-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
}
],
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-353",
"description": "CWE-353: Missing Support for Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T02:13:17.515Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32475",
"datePublished": "2024-06-07T02:13:17.515Z",
"dateReserved": "2023-05-09T06:07:41.365Z",
"dateUpdated": "2024-08-02T15:18:37.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}