CVE-2024-32859

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_8960:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_8950:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:inspiron_15_3521_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_15_3521:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:inspiron_15_3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_15_3510:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dell:aurora_r16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:aurora_r16:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dell:alienware_x17_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x17_r2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dell:alienware_x15_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x15_r2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dell:alienware_x14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x14:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r15:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r12:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r11:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r10:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:15

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124 - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.2~~	v2 : unknown v3 : 7.5

19 Sep 2024, 16:24

Type	Values Removed	Values Added
CPE		cpe:2.3:o:dell:alienware_aurora_r15_firmware:::::::: cpe:2.3:o:dell:inspiron_15_3510_firmware:::::::: cpe:2.3:h:dell:alienware_x15_r1:-:::::::* cpe:2.3:o:dell:alienware_m15_r4_firmware:::::::: cpe:2.3:o:dell:alienware_area_51m_r2_firmware:::::::: cpe:2.3:h:dell:xps_8960:-:::::::* cpe:2.3:o:dell:alienware_m17_r4_firmware:::::::: cpe:2.3:o:dell:alienware_x17_r1_firmware:::::::: cpe:2.3:o:dell:xps_8960_firmware:::::::: cpe:2.3:o:dell:alienware_x15_r2_firmware:::::::: cpe:2.3:h:dell:alienware_aurora_r13:-:::::::* cpe:2.3:h:dell:alienware_m17_r4:-:::::::* cpe:2.3:o:dell:alienware_aurora_r10_firmware:::::::: cpe:2.3:h:dell:alienware_m15_r4:-:::::::* cpe:2.3:h:dell:alienware_x14:-:::::::* cpe:2.3:o:dell:alienware_x17_r2_firmware:::::::: cpe:2.3:h:dell:alienware_m15_r3:-:::::::* cpe:2.3:h:dell:alienware_aurora_r15_amd:-:::::::* cpe:2.3:o:dell:aurora_r16_firmware:::::::: cpe:2.3:o:dell:alienware_x14_firmware:::::::: cpe:2.3:o:dell:alienware_x15_r1_firmware:::::::: cpe:2.3:h:dell:alienware_x17_r1:-:::::::* cpe:2.3:h:dell:inspiron_15_3510:-:::::::* cpe:2.3:h:dell:alienware_m17_r3:-:::::::* cpe:2.3:o:dell:alienware_aurora_r13_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_r12_firmware:::::::: cpe:2.3:h:dell:alienware_area_51m_r2:-:::::::* cpe:2.3:h:dell:alienware_aurora_r12:-:::::::* cpe:2.3:h:dell:inspiron_3502:-:::::::* cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:::::::: cpe:2.3:o:dell:xps_8950_firmware:::::::: cpe:2.3:h:dell:alienware_aurora_r15:-:::::::* cpe:2.3:h:dell:alienware_x17_r2:-:::::::* cpe:2.3:o:dell:alienware_m17_r3_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:::::::: cpe:2.3:h:dell:alienware_aurora_r11:-:::::::* cpe:2.3:o:dell:alienware_m15_r3_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_r11_firmware:::::::: cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:::::::* cpe:2.3:h:dell:alienware_aurora_r10:-:::::::* cpe:2.3:h:dell:xps_8950:-:::::::* cpe:2.3:h:dell:aurora_r16:-:::::::* cpe:2.3:h:dell:alienware_x15_r2:-:::::::* cpe:2.3:o:dell:inspiron_15_3521_firmware:::::::: cpe:2.3:o:dell:inspiron_3502_firmware:::::::: cpe:2.3:h:dell:inspiron_15_3521:-:::::::*
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.2
First Time		Dell alienware Aurora R15 Amd Firmware Dell aurora R16 Dell alienware X17 R1 Dell alienware Aurora R12 Firmware Dell inspiron 3502 Firmware Dell xps 8950 Firmware Dell alienware X15 R1 Firmware Dell alienware X17 R1 Firmware Dell alienware X17 R2 Firmware Dell alienware X15 R2 Firmware Dell alienware M15 R3 Dell Dell alienware Aurora R11 Firmware Dell alienware M15 R4 Dell alienware M17 R3 Firmware Dell alienware Aurora Ryzen Edition R14 Firmware Dell alienware Aurora R11 Dell alienware Aurora R10 Dell inspiron 15 3521 Dell alienware M17 R4 Firmware Dell alienware Aurora R15 Amd Dell xps 8960 Firmware Dell alienware X14 Dell alienware X15 R2 Dell alienware Aurora R13 Dell xps 8960 Dell alienware Aurora Ryzen Edition R14 Dell alienware X15 R1 Dell alienware M15 R3 Firmware Dell alienware Aurora R15 Firmware Dell alienware Aurora R15 Dell inspiron 3502 Dell alienware Aurora R13 Firmware Dell alienware X14 Firmware Dell alienware X17 R2 Dell alienware Area 51m R2 Firmware Dell alienware Area 51m R2 Dell alienware M17 R3 Dell inspiron 15 3521 Firmware Dell inspiron 15 3510 Dell alienware M15 R4 Firmware Dell xps 8950 Dell inspiron 15 3510 Firmware Dell aurora R16 Firmware Dell alienware Aurora R12 Dell alienware Aurora R10 Firmware Dell alienware M17 R4
References	~~() https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124 -~~	() https://www.dell.com/support/kbdoc/en-us/000223439/dsa-2024-124 - Vendor Advisory

13 Jun 2024, 18:35

Type	Values Removed	Values Added
Summary		(es) Dell Client Platform BIOS contiene una vulnerabilidad de validación de entrada incorrecta en un componente desarrollado externamente. Un atacante con privilegios elevados y acceso local podría explotar esta vulnerabilidad y provocar la ejecución del código.

13 Jun 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-13 13:15

Updated : 2024-11-21 09:15

NVD link : CVE-2024-32859

Mitre link : CVE-2024-32859

CVE.ORG link : CVE-2024-32859

JSON object : View

Products Affected

dell

alienware_m15_r3
alienware_x15_r2_firmware
alienware_aurora_r12_firmware
alienware_aurora_r15_firmware
xps_8960_firmware
alienware_m15_r4
alienware_x15_r1
alienware_x14
alienware_x14_firmware
alienware_m17_r4_firmware
alienware_aurora_ryzen_edition_r14_firmware
alienware_aurora_r15_amd_firmware
alienware_area_51m_r2
alienware_x17_r1
inspiron_3502_firmware
aurora_r16
inspiron_3502
alienware_m15_r4_firmware
alienware_area_51m_r2_firmware
xps_8950_firmware
alienware_aurora_r10
alienware_m17_r3_firmware
alienware_aurora_r10_firmware
xps_8950
inspiron_15_3510_firmware
alienware_aurora_r15
alienware_x15_r1_firmware
aurora_r16_firmware
alienware_aurora_r13_firmware
alienware_aurora_r15_amd
alienware_aurora_r11
alienware_x15_r2
alienware_m17_r4
alienware_m15_r3_firmware
alienware_aurora_r13
alienware_aurora_r11_firmware
inspiron_15_3510
alienware_aurora_r12
alienware_m17_r3
alienware_x17_r2
alienware_aurora_ryzen_edition_r14
inspiron_15_3521
inspiron_15_3521_firmware
alienware_x17_r1_firmware
xps_8960
alienware_x17_r2_firmware

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

7.5 /10