CVE-2024-0158

CWE-20Improper Input Validation3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 86.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
388
Dell CPG BiosDell Alienware M15 R6 FirmwareDell Alienware M15 R7 Firmware+385 more
Timeline
PublishedJul 2

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LExploitability: 0.8 | Impact: 4.2

Affected Packages388 packages

CVEListV5dell/cpg_biosN/A1.28.0+67
NVDdell/g3_3500_firmware< 1.29.0
NVDdell/g5_5000_firmware< 1.19.0
NVDdell/g5_5090_firmware< 1.25.0
NVDdell/g5_5500_firmware< 1.29.0

🔴Vulnerability Details

2
CVEList
CVE-2024-0158: Dell BIOS contains an improper input validation vulnerability2024-07-02
GHSA
GHSA-w975-rg3f-5xr9: Dell BIOS contains an improper input validation vulnerability2024-07-02
CVE-2024-0158 (MEDIUM CVSS 6.7) | Dell BIOS contains an improper inpu | cvebase.io