Dell BIOS Vulnerability Could Lead to Denial of Service and Escalation of Privileges

CVE-2024-0158

6.7MEDIUM

Key Information

Vendor: Dell
Status: Cpg BiOS
Vendor: CVE Published:; 2 July 2024

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

Affected Version(s)

CPG BIOS < 1.28.0

CPG BIOS < 1.23.0

CPG BIOS < 1.15.0

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 6.7 to: 5.1 - (MEDIUM)
Aug 1, 2024
Vulnerability published.
Jul 2, 2024
Vulnerability Reserved.
Dec 14, 2023

Collectors

NVD DatabaseMitre Database