CVE-2024-32858 - OpenCVE

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Dell	Alienware Aurora R10 Firmware Alienware Aurora R11 Firmware Alienware Aurora R12 Firmware Alienware Aurora R13 Firmware Alienware Aurora R14 Ryzen Edition Firmware Alienware Aurora R15 Amd Firmware Alienware Aurora R15 Firmware Alienware Aurora R16 Firmware Inspiron 3502 Firmware Xps 8950 Firmware Xps 8960 Firmware

No data.

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-06-13T12:48:29.724Z

Updated: 2024-08-02T02:20:35.666Z

Reserved: 2024-04-19T09:34:13.527Z

Link: CVE-2024-32858

Vulnrichment

Updated: 2024-06-13T16:09:33.185Z

NVD

Status : Undergoing Analysis

Published: 2024-06-13T13:15:48.833

Modified: 2024-06-13T18:35:19.777

Link: CVE-2024-32858

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32858", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-04-19T09:34:13.527Z", "datePublished": "2024-06-13T12:48:29.724Z", "dateUpdated": "2024-08-02T02:20:35.666Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CPG BIOS", "vendor": "Dell", "versions": [{"lessThan": "2.8.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.0.24", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.1.25", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.19.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.12.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.13.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "2.18.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "2.7.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.16.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "2.6.0", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dell Technologies would like to thank Eason for reporting this issue"}], "datePublic": "2024-06-11T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."}], "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-06-13T12:48:29.724Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "dell", "product": "alienware_aurora_r10_firmware", "cpes": ["cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.8.0", "versionType": "semver"}]}, {"vendor": "dell", "product": "alienware_aurora_r11_firmware", "cpes": ["cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.24", "versionType": "semver"}]}, {"vendor": "dell", "product": "alienware_aurora_r12_firmware", "cpes": ["cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.1.25", "versionType": "semver"}]}, {"vendor": "dell", "product": "alienware_aurora_r13_firmware", "cpes": ["cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.19.0", "versionType": "semver"}]}, {"vendor": "dell", "product": "alienware_aurora_r14_ryzen_edition_firmware", "cpes": ["cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.18.0", "versionType": "semver"}]}, {"vendor": "dell", "product": "alienware_aurora_r15_firmware", "cpes": ["cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.12.0", "versionType": "semver"}]}, {"vendor": "dell", "product": "alienware_aurora_r15_amd_firmware", "cpes": ["cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.13.0", "versionType": "semver"}]}, {"vendor": "dell", "product": "alienware_aurora_r16_firmware", "cpes": ["cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.7.0", "versionType": "semver"}]}, {"vendor": "dell", "product": "inspiron_3502_firmware", "cpes": ["cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.16.0", "versionType": "semver"}]}, {"vendor": "dell", "product": "xps_8950_firmware", "cpes": ["cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.19.0", "versionType": "semver"}]}, {"vendor": "dell", "product": "xps_8960_firmware", "cpes": ["cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.6.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T13:37:43.257078Z", "id": "CVE-2024-32858", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T16:09:43.292Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:20:35.666Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-13T13:37:43.257078Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "alienware_aurora_r10_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.8.0", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "alienware_aurora_r11_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.24", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "alienware_aurora_r12_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.25", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "alienware_aurora_r13_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.19.0", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:alienware_aurora_r14_ryzen_edition_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "alienware_aurora_r14_ryzen_edition_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.18.0", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "alienware_aurora_r15_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.12.0", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "alienware_aurora_r15_amd_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.0", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:alienware_aurora_r16_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "alienware_aurora_r16_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.7.0", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "inspiron_3502_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.16.0", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "xps_8950_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.19.0", "versionType": "semver"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*"], "vendor": "dell", "product": "xps_8960_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.6.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T16:09:33.185Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell Technologies would like to thank Eason for reporting this issue"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "CPG BIOS", "versions": [{"status": "affected", "version": "N/A", "lessThan": "2.8.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.0.24", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.1.25", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.19.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.12.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.13.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "2.18.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "2.7.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.16.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "2.6.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-11T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", "supportingMedia": [{"type": "text/html", "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-06-13T12:48:29.724Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32858", "state": "PUBLISHED", "dateUpdated": "2024-06-13T16:09:43.292Z", "dateReserved": "2024-04-19T09:34:13.527Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-06-13T12:48:29.724Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}