Impact
The vulnerability resides in the Dell Client Platform BIOS and allows an attacker to bypass primary authentication mechanisms by exploiting a credential handling weakness identified as CWE‑305. This flaw can enable unauthorized reading of sensitive information stored within the system, resulting in information disclosure.
Affected Systems
The flaw affects Dell’s entire range of client devices, including XPS, Inspiron, Latitude, Vostro, Alienware, Precision, and many other laptop, ultrabook, and all‑in‑one models listed in the CNA data. All devices using the affected BIOS firmware and lacking the latest update are susceptible.
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate severity threat. EPSS is not available and the vulnerability is not listed in CISA’s KEV catalog. An attacker with physical proximity to a device can exploit the authentication bypass without needing credentials, potentially reading protected data from memory or storage. The risk is confined to environments where device security cannot be strictly enforced, but the impact of unauthorized disclosure could be significant for corporate assets.
OpenCVE Enrichment