Lucene search

DellVULNRICHMENT:CVE-2024-32855

HistoryJun 25, 2024 - 4:06 a.m.

CVE-2024-32855

2024-06-2504:06:39

CWE-787

dell

github.com

dell client platform

bios

out-of-bounds write

vulnerability

information tampering

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "CPG BIOS",
    "versions": [
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.30.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.26.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.34.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.28.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.25.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.24.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.31.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.36.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.35.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.29.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.32.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.33.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.50.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.37.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.38.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "N/A",
        "lessThan": "1.31.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.dell.com/support/kbdoc/en-us/000225627/dsa-2024-123

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-32855