CVE-2024-0160 - Vulnerability Details

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

CPG BIOS

unaffected

Version	Status	Constraints
`N/A`	affected	< 1.32.0

Configuration 1 [-]

AND

cpe:2.3:o:dell:xps_17_9700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:xps_15_9500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_15_9500:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:vostro_7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_7500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:precision_5750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:precision_5550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5550:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:latitude_3520_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3520:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:latitude_3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3510:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:latitude_3420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:latitude_3410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3410:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:inspiron_7501_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7501:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:inspiron_7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7500:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:g5_5500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:g3_3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Dell Subscribe	G3 3500 Subscribe G3 3500 Firmware Subscribe G5 5500 Subscribe G5 5500 Firmware Subscribe G7 7500 Subscribe G7 7500 Firmware Subscribe G7 7700 Subscribe G7 7700 Firmware Subscribe Inspiron 7500 Subscribe Inspiron 7500 Firmware Subscribe Inspiron 7501 Subscribe Inspiron 7501 Firmware Subscribe Latitude 3410 Subscribe Latitude 3410 Firmware Subscribe Latitude 3420 Subscribe Latitude 3420 Firmware Subscribe Latitude 3510 Subscribe Latitude 3510 Firmware Subscribe Latitude 3520 Subscribe Latitude 3520 Firmware Subscribe Precision 5550 Subscribe Precision 5550 Firmware Subscribe Precision 5750 Subscribe Precision 5750 Firmware Subscribe Vostro 7500 Subscribe Vostro 7500 Firmware Subscribe Xps 15 9500 Subscribe Xps 15 9500 Firmware Subscribe Xps 17 9700 Subscribe Xps 17 9700 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-15959	Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122

History

Wed, 25 Sep 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell g3 3500 Dell g3 3500 Firmware Dell g5 5500 Dell g5 5500 Firmware Dell g7 7500 Dell g7 7500 Firmware Dell g7 7700 Dell g7 7700 Firmware Dell inspiron 7500 Dell inspiron 7500 Firmware Dell inspiron 7501 Dell inspiron 7501 Firmware Dell latitude 3410 Dell latitude 3410 Firmware Dell latitude 3420 Dell latitude 3420 Firmware Dell latitude 3510 Dell latitude 3510 Firmware Dell latitude 3520 Dell latitude 3520 Firmware Dell precision 5550 Dell precision 5550 Firmware Dell precision 5750 Dell precision 5750 Firmware Dell vostro 7500 Dell vostro 7500 Firmware Dell xps 15 9500 Dell xps 15 9500 Firmware Dell xps 17 9700 Dell xps 17 9700 Firmware
CPEs		cpe:2.3:h:dell:g3_3500:-:::::::* cpe:2.3:h:dell:g5_5500:-:::::::* cpe:2.3:h:dell:g7_7500:-:::::::* cpe:2.3:h:dell:g7_7700:-:::::::* cpe:2.3:h:dell:inspiron_7500:-:::::::* cpe:2.3:h:dell:inspiron_7501:-:::::::* cpe:2.3:h:dell:latitude_3410:-:::::::* cpe:2.3:h:dell:latitude_3420:-:::::::* cpe:2.3:h:dell:latitude_3510:-:::::::* cpe:2.3:h:dell:latitude_3520:-:::::::* cpe:2.3:h:dell:precision_5550:-:::::::* cpe:2.3:h:dell:precision_5750:-:::::::* cpe:2.3:h:dell:vostro_7500:-:::::::* cpe:2.3:h:dell:xps_15_9500:-:::::::* cpe:2.3:h:dell:xps_17_9700:-:::::::* cpe:2.3:o:dell:g3_3500_firmware:::::::: cpe:2.3:o:dell:g5_5500_firmware:::::::: cpe:2.3:o:dell:g7_7500_firmware:::::::: cpe:2.3:o:dell:g7_7700_firmware:::::::: cpe:2.3:o:dell:inspiron_7500_firmware:::::::: cpe:2.3:o:dell:inspiron_7501_firmware:::::::: cpe:2.3:o:dell:latitude_3410_firmware:::::::: cpe:2.3:o:dell:latitude_3420_firmware:::::::: cpe:2.3:o:dell:latitude_3510_firmware:::::::: cpe:2.3:o:dell:latitude_3520_firmware:::::::: cpe:2.3:o:dell:precision_5550_firmware:::::::: cpe:2.3:o:dell:precision_5750_firmware:::::::: cpe:2.3:o:dell:vostro_7500_firmware:::::::: cpe:2.3:o:dell:xps_15_9500_firmware:::::::: cpe:2.3:o:dell:xps_17_9700_firmware::::::::
Vendors & Products		Dell Dell g3 3500 Dell g3 3500 Firmware Dell g5 5500 Dell g5 5500 Firmware Dell g7 7500 Dell g7 7500 Firmware Dell g7 7700 Dell g7 7700 Firmware Dell inspiron 7500 Dell inspiron 7500 Firmware Dell inspiron 7501 Dell inspiron 7501 Firmware Dell latitude 3410 Dell latitude 3410 Firmware Dell latitude 3420 Dell latitude 3420 Firmware Dell latitude 3510 Dell latitude 3510 Firmware Dell latitude 3520 Dell latitude 3520 Firmware Dell precision 5550 Dell precision 5550 Firmware Dell precision 5750 Dell precision 5750 Firmware Dell vostro 7500 Dell vostro 7500 Firmware Dell xps 15 9500 Dell xps 15 9500 Firmware Dell xps 17 9700 Dell xps 17 9700 Firmware

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-06-12T06:41:33.041Z

Updated: 2024-08-01T17:41:16.055Z

Reserved: 2023-12-14T05:30:38.641Z

Link: CVE-2024-0160

Vulnrichment

Updated: 2024-08-01T17:41:16.055Z

NVD

Status : Modified

Published: 2024-06-12T07:15:50.530

Modified: 2024-11-21T08:45:58.470

Link: CVE-2024-0160

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-863

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object