Dell Cpg Bios vulnerabilities

CVE-2024-0158 [MEDIUM] CWE-20 CVE-2024-0158: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

CVE-2024-32855 [LOW] CWE-787 CVE-2024-32855: Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed c Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CVE-2024-32859 [HIGH] CWE-20 CVE-2024-32859: Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVE-2024-32858 [HIGH] CWE-20 CVE-2024-32858: Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVE-2024-32860 [HIGH] CWE-20 CVE-2024-32860: Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVE-2024-32856 [MEDIUM] CWE-20 CVE-2024-32856: Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVE-2024-28970 [MEDIUM] CWE-787 CVE-2024-28970: Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.

CVE-2024-0160 [MEDIUM] CWE-863 CVE-2024-0160: Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical ac Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

CVE-2023-32475 [HIGH] CWE-353 CVE-2023-32475: Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical ac Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.

CVE-2024-22429 [HIGH] CWE-20 CVE-2024-22429: Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

CVE-2024-22448 [MEDIUM] CWE-787 CVE-2024-22448: Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with a Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

CVE-2023-48674 [MEDIUM] CWE-170 CVE-2023-48674: Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with n Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.

CVE-2023-28063 [MEDIUM] CWE-195 CVE-2023-28063: Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malic Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

CVE-2023-39251 [MEDIUM] CWE-20 CVE-2023-39251: Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high pri Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

CVE-2023-43088 [HIGH] CWE-16 CVE-2023-43088: Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated att Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

CVE-2023-28075 [MEDIUM] CWE-367 CVE-2023-28075: Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated maliciou Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.

CVE-2023-32453 [MEDIUM] CWE-287 CVE-2023-32453: Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

CVE-2023-28073 [HIGH] CWE-287 CVE-2023-28073: Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

CVE-2023-28064 [LOW] CWE-787 CVE-2023-28064: Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may p Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

CVE-2023-25938 [MEDIUM] CWE-20 CVE-2023-25938: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.