Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
History

Wed, 28 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell alienware Area 51m R2 Firmware
Dell alienware Aurora R15 Amd Firmware
Dell alienware M15 R3 Firmware
Dell alienware M17 R3 Firmware
Dell alienware X14 Firmware
Dell alienware X15 R1 Firmware
Dell alienware X17 R1 Firmware
CPEs cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:alienware_m15_r3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:alienware_m17_r3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:alienware_x14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell alienware Area 51m R2 Firmware
Dell alienware Aurora R15 Amd Firmware
Dell alienware M15 R3 Firmware
Dell alienware M17 R3 Firmware
Dell alienware X14 Firmware
Dell alienware X15 R1 Firmware
Dell alienware X17 R1 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 28 Aug 2024 06:00:00 +0000

Type Values Removed Values Added
Description Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
Weaknesses CWE-1392
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-08-28T05:46:40.013Z

Updated: 2024-08-28T14:15:01.978Z

Reserved: 2024-06-26T02:16:08.993Z

Link: CVE-2024-39584

cve-icon Vulnrichment

Updated: 2024-08-28T14:14:07.951Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-28T06:15:05.607

Modified: 2024-08-28T12:57:27.610

Link: CVE-2024-39584

cve-icon Redhat

No data.