CVE-2024-0158

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

CVSS v3 5.1 MEDIUM

5.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-02 07:15

Updated : 2024-07-02 12:09

NVD link : CVE-2024-0158

Mitre link : CVE-2024-0158

CVE.ORG link : CVE-2024-0158

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-0158", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 0.8}]}, "published": "2024-07-02T07:15:02.370", "references": [{"url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability", "source": "security_alert@emc.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"}, {"lang": "es", "value": "Dell BIOS contiene una vulnerabilidad de validaci\u00f3n de entrada incorrecta. Un usuario malicioso local autenticado con privilegios de administrador podr\u00eda explotar esta vulnerabilidad para modificar una variable UEFI, lo que provocar\u00eda una denegaci\u00f3n de servicio y una escalada de privilegios."}], "lastModified": "2024-07-02T12:09:16.907", "sourceIdentifier": "security_alert@emc.com"}

5.1 /10