CVE-2024-42424

Published: Sep 10, 2024Modified: Dec 20, 2024

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitability: 1.5 / Impact: 4.0

Source: NVD

Description

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Affected (2)

Products: Dell: Precision 7920 Rack Firmware, 7920 Xl Rack Firmware

Dell

2 products

Precision 7920 Rack Firmware

7920 Xl Rack Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Precision 7920 Rack Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Precision 7920 Rack	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell 7920 Xl Rack Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell 7920 Xl Rack	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://www.dell.com/support/kbdoc/en-us/000227014/dsa-2024-327

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.