← Back

CVE-2024-0160

nvd nist
Published: Jun 12, 2024Modified: Nov 21, 2024

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD

Description

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

Affected (15)

Dell
15 products
Xps 17 9700 Firmware
Xps 15 9500 Firmware
Vostro 7500 Firmware
Precision 5750 Firmware
Precision 5550 Firmware
Latitude 3520 Firmware
Latitude 3510 Firmware
Latitude 3420 Firmware
Latitude 3410 Firmware
Inspiron 7501 Firmware
Inspiron 7500 Firmware
G7 7700 Firmware
G7 7500 Firmware
G5 5500 Firmware
G3 3500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xps 17 9700 Firmware
Before 1.30.0
Running on/withPlatform Versions
Dell
Xps 17 9700
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xps 15 9500 Firmware
Before 1.31.0
Running on/withPlatform Versions
Dell
Xps 15 9500
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vostro 7500 Firmware
Before 1.28.0
Running on/withPlatform Versions
Dell
Vostro 7500
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Precision 5750 Firmware
Before 1.30.0
Running on/withPlatform Versions
Dell
Precision 5750
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Precision 5550 Firmware
Before 1.31.0
Running on/withPlatform Versions
Dell
Precision 5550
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Latitude 3520 Firmware
Before 1.36.0
Running on/withPlatform Versions
Dell
Latitude 3520
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Latitude 3510 Firmware
Before 1.29.0
Running on/withPlatform Versions
Dell
Latitude 3510
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Latitude 3420 Firmware
Before 1.36.0
Running on/withPlatform Versions
Dell
Latitude 3420
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Latitude 3410 Firmware
Before 1.29.0
Running on/withPlatform Versions
Dell
Latitude 3410
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Inspiron 7501 Firmware
Before 1.28.0
Running on/withPlatform Versions
Dell
Inspiron 7501
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Inspiron 7500 Firmware
Before 1.28.0
Running on/withPlatform Versions
Dell
Inspiron 7500
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
G7 7700 Firmware
Before 1.32.0
Running on/withPlatform Versions
Dell
G7 7700
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
G7 7500 Firmware
Before 1.32.0
Running on/withPlatform Versions
Dell
G7 7500
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
G5 5500 Firmware
Before 1.30.0
Running on/withPlatform Versions
Dell
G5 5500
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
G3 3500 Firmware
Before 1.30.0
Running on/withPlatform Versions
Dell
G3 3500
All versions

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.