CVE-2024-52537 — UNIX Symbolic Link (Symlink) Following in Dell Client Platform Bios

CWE-61 — UNIX Symbolic Link (Symlink) Following CWE-59 — Link Following3 documents3 sources

Severity

6.7MEDIUMNVD

CNA6.3

EPSS

0.1%

top 83.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Client Platform Bios Dell Dock Hd22q Firmware Update Utility Dell Dock Wd19 Firmware Update Utility +1 more

Timeline

PublishedDec 11

Description

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶NVDdell/dock_wd19_firmware_update_utility< 01.00.44+1

▶NVDdell/dock_hd22q_firmware_update_utility< 1.00.23+1

▶NVDdell/dock_wd22tb4_firmware_update_utility< 01.00.28+1

▶CVEListV5dell/dell_client_platform_biosN/A — 1.00.44, 1.00.28+1

🔴Vulnerability Details

CVEList

CVE-2024-52537: Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability↗2024-12-11

▶

GHSA

GHSA-86jp-9fvq-qr9r: Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability↗2024-12-11

▶