CVE-2024-39584

CWE-13923 documents3 sources

Severity

8.2HIGH

EPSS

0.0%

top 98.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Dell Client Platform Bios Dell Alienware Area 51M R2 Firmware Dell Alienware Aurora R13 Firmware +18 more

Timeline

PublishedAug 28

Description

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages21 packages

▶CVEListV5dell/dell_client_platform_biosN/A — 1.29.0+3

▶NVDdell/xps_8950_firmware< 1.21.0

▶NVDdell/xps_8960_firmware< 2.12.0

▶NVDdell/aurora_r16_firmware< 2.13.0

▶NVDdell/alienware_x14_firmware< 1.21.0

🔴Vulnerability Details

GHSA

GHSA-fr9f-2m5p-2jv4: Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability↗2024-08-28

▶

CVEList

CVE-2024-39584: Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability↗2024-08-28

▶