Dell BIOS Vulnerability Could Lead to Code Execution

CVE-2024-32860
8.2HIGH

Key Information

Vendor
Dell
Status
Cpg BiOS
Vendor
CVE Published:
13 June 2024

Summary

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Affected Version(s)

CPG BIOS < 1.0.24

CPG BIOS < 1.1.25

CPG BIOS < 1.19.0

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Dell Technologies would like to thank Eason for reporting this issue.
.