Lucene search

DellCVE-2024-32855

HistoryJun 25, 2024 - 4:15 a.m.

CVE-2024-32855

2024-06-2504:15:14

CWE-787

dell

web.nvd.nist.gov

dell client platform

bios

out-of-bounds write

vulnerability

local access

information tampering

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score

3.9

Confidence

High

EPSS

Percentile

9.1%

JSON

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Affected configurations

Vulners

Node

dellcpg_biosRange≤1.30.0

dellcpg_biosRange≤1.26.0

dellcpg_biosRange≤1.34.0

dellcpg_biosRange≤1.28.0

dellcpg_biosRange≤1.25.0

dellcpg_biosRange≤1.24.0

dellcpg_biosRange≤1.31.0

dellcpg_biosRange≤1.36.0

dellcpg_biosRange≤1.35.0

dellcpg_biosRange≤1.29.0

dellcpg_biosRange≤1.32.0

dellcpg_biosRange≤1.33.0

dellcpg_biosRange≤1.50.0

dellcpg_biosRange≤1.37.0

dellcpg_biosRange≤1.38.0

dellcpg_biosRange≤1.31.8

VendorProductVersionCPE
dellcpg_bios*cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	cpg_bios	*	cpe:2.3:o:dell:cpg_bios::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.30.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.26.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.34.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.28.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.25.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.24.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.31.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.36.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.35.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.29.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.32.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.33.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.50.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.37.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.38.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.31.8",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000225627/dsa-2024-123

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score

3.9

Confidence

High

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-32855