Dell BIOS Vulnerability Could Lead to Code Execution
CVE-2024-32860

8.2HIGH

Key Information:

Vendor: Dell
Status: Cpg BiOS
Vendor: CVE Published:; 13 June 2024

Summary

The Dell Client Platform BIOS has been identified with an improperly validated input vulnerability within an externally developed component. This flaw permits a high privileged attacker who has local access to the system to potentially exploit the vulnerability, leading to arbitrary code execution. It is critical for users of affected Dell Client Platform BIOS versions to assess their security measures and apply any available patches or mitigations to protect against potential exploitation.

Affected Version(s)

CPG BIOS < 1.0.24

CPG BIOS < 1.1.25

CPG BIOS < 1.19.0

References

https://www.dell.com/support/kbdoc/en-us/000223440/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Apr 19, 2024

Credit

Dell Technologies would like to thank Eason for reporting this issue.