Dell BIOS Vulnerability Could Lead to Arbitrary Code Execution
CVE-2024-22429

7.5HIGH

Key Information:

Vendor: Dell
Status: Cpg BiOS
Vendor: CVE Published:; 17 May 2024

Summary

The BIOS firmware provided by Dell is affected by an improper input validation vulnerability. This issue allows a local, authenticated attacker who possesses admin privileges to exploit the vulnerability, which may lead to arbitrary code execution. Such exploitation can pose significant risks to the integrity and availability of the system, allowing attackers to potentially manipulate the environment beyond intended security measures. Users are advised to review their BIOS versions and apply appropriate patches or mitigations provided by Dell.

Affected Version(s)

CPG BIOS < 2.36.0

CPG BIOS < 1.18.0

CPG BIOS < 1.46.0

References

https://www.dell.com/support/kbdoc/en-us/000221102/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 17, 2024

Credit

Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.