Improper Access Vulnerability in Dell Client Platforms
CVE-2019-3717

7.1HIGH

Key Information:

Vendor: Dell
Status: Dell Client Commercial And Consumer Platforms
Vendor: CVE Published:; 5 August 2019

What is CVE-2019-3717?

Certain Dell Client Commercial and Consumer platforms have an improper access vulnerability that may allow an unauthenticated attacker with physical access to bypass Secure Boot restrictions. This bypass could enable the execution of unsigned and untrusted code from expansion cards during the platform's boot process. Organizations using affected devices should review their security protocols to mitigate risks associated with this vulnerability.

Affected Version(s)

Dell Client Commercial and Consumer platforms https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en

References

https://www.dell.com/support/article/us/en/04/sln317683/d...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2019
Vulnerability Reserved
Jan 3, 2019