CVE-2024-0160

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:xps_17_9700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:xps_15_9500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_15_9500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:vostro_7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_7500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:precision_5750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:precision_5550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5550:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dell:latitude_3520_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3520:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dell:latitude_3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3510:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dell:latitude_3420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dell:latitude_3410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_3410:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dell:inspiron_7501_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7501:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dell:inspiron_7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7500:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dell:g5_5500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dell:g3_3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122 - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122 - Vendor Advisory

25 Sep 2024, 14:25

Type	Values Removed	Values Added
CPE		cpe:2.3:o:dell:precision_5550_firmware:::::::: cpe:2.3:o:dell:latitude_3520_firmware:::::::: cpe:2.3:h:dell:g5_5500:-:::::::* cpe:2.3:o:dell:latitude_3420_firmware:::::::: cpe:2.3:h:dell:g7_7500:-:::::::* cpe:2.3:h:dell:precision_5750:-:::::::* cpe:2.3:o:dell:vostro_7500_firmware:::::::: cpe:2.3:h:dell:g3_3500:-:::::::* cpe:2.3:h:dell:inspiron_7501:-:::::::* cpe:2.3:o:dell:g5_5500_firmware:::::::: cpe:2.3:o:dell:g3_3500_firmware:::::::: cpe:2.3:h:dell:xps_17_9700:-:::::::* cpe:2.3:h:dell:latitude_3510:-:::::::* cpe:2.3:h:dell:inspiron_7500:-:::::::* cpe:2.3:o:dell:xps_15_9500_firmware:::::::: cpe:2.3:h:dell:vostro_7500:-:::::::* cpe:2.3:o:dell:inspiron_7500_firmware:::::::: cpe:2.3:o:dell:latitude_3510_firmware:::::::: cpe:2.3:o:dell:inspiron_7501_firmware:::::::: cpe:2.3:h:dell:latitude_3410:-:::::::* cpe:2.3:h:dell:g7_7700:-:::::::* cpe:2.3:h:dell:xps_15_9500:-:::::::* cpe:2.3:h:dell:latitude_3420:-:::::::* cpe:2.3:h:dell:precision_5550:-:::::::* cpe:2.3:h:dell:latitude_3520:-:::::::* cpe:2.3:o:dell:latitude_3410_firmware:::::::: cpe:2.3:o:dell:g7_7700_firmware:::::::: cpe:2.3:o:dell:g7_7500_firmware:::::::: cpe:2.3:o:dell:precision_5750_firmware:::::::: cpe:2.3:o:dell:xps_17_9700_firmware::::::::
First Time		Dell xps 15 9500 Firmware Dell latitude 3410 Dell xps 15 9500 Dell latitude 3520 Firmware Dell precision 5550 Dell g5 5500 Firmware Dell vostro 7500 Dell latitude 3420 Firmware Dell precision 5550 Firmware Dell inspiron 7501 Firmware Dell latitude 3520 Dell inspiron 7501 Dell inspiron 7500 Dell precision 5750 Firmware Dell vostro 7500 Firmware Dell latitude 3510 Dell Dell g3 3500 Firmware Dell g5 5500 Dell g7 7700 Firmware Dell g7 7500 Firmware Dell xps 17 9700 Firmware Dell precision 5750 Dell xps 17 9700 Dell g7 7700 Dell g7 7500 Dell latitude 3410 Firmware Dell latitude 3510 Firmware Dell g3 3500 Dell inspiron 7500 Firmware Dell latitude 3420
References	~~() https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122 -~~	() https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122 - Vendor Advisory

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) Dell Client Platform contiene una vulnerabilidad de autorización incorrecta. Un atacante con acceso físico al sistema podría explotar esta vulnerabilidad al eludir la autorización del BIOS para modificar la configuración del BIOS.

12 Jun 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-12 07:15

Updated : 2024-11-21 08:45

NVD link : CVE-2024-0160

Mitre link : CVE-2024-0160

CVE.ORG link : CVE-2024-0160

JSON object : View

Products Affected

dell

precision_5550_firmware
latitude_3510_firmware
precision_5750
latitude_3520_firmware
xps_15_9500_firmware
xps_17_9700_firmware
g7_7500
latitude_3410_firmware
xps_15_9500
precision_5750_firmware
xps_17_9700
inspiron_7500
vostro_7500
latitude_3520
inspiron_7501
latitude_3510
inspiron_7500_firmware
g3_3500
latitude_3420_firmware
g5_5500
g3_3500_firmware
precision_5550
g7_7700
g7_7500_firmware
latitude_3420
g7_7700_firmware
vostro_7500_firmware
inspiron_7501_firmware
g5_5500_firmware
latitude_3410

CWE

CWE-863

Incorrect Authorization

6.8 /10