CVE-2024-47238

Published: Dec 12, 2024Modified: Feb 4, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Affected (8)

Products: Dell: Embedded Box Pc 3000 Firmware, Edge Gateway 3001 Firmware, Edge Gateway 3002 Firmware, Edge Gateway 3003 Firmware, Edge Gateway 5000 Firmware, Edge Gateway 5100 Firmware, Edge Gateway 3000 Firmware, Edge Gateway 3200 Firmware

Dell

8 products

Embedded Box Pc 3000 Firmware

Edge Gateway 3001 Firmware

Edge Gateway 3002 Firmware

Edge Gateway 3003 Firmware

Edge Gateway 5000 Firmware

Edge Gateway 5100 Firmware

Edge Gateway 3000 Firmware

Edge Gateway 3200 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Embedded Box Pc 3000 Firmware	Before 1.25.0

Running on/with	Platform Versions
Dell Embedded Box Pc 3000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Edge Gateway 3001 Firmware	Before 1.19.0

Running on/with	Platform Versions
Dell Edge Gateway 3001	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Edge Gateway 3002 Firmware	Before 1.19.0

Running on/with	Platform Versions
Dell Edge Gateway 3002	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Edge Gateway 3003 Firmware	Before 1.19.0

Running on/with	Platform Versions
Dell Edge Gateway 3003	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Edge Gateway 5000 Firmware	Before 1.29.0

Running on/with	Platform Versions
Dell Edge Gateway 5000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Edge Gateway 5100 Firmware	Before 1.29.0

Running on/with	Platform Versions
Dell Edge Gateway 5100	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Edge Gateway 3000 Firmware	Before 1.19.0

Running on/with	Platform Versions
Dell Edge Gateway 3000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Edge Gateway 3200 Firmware	Before 1.19.0

Running on/with	Platform Versions
Dell Edge Gateway 3200	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://www.dell.com/support/kbdoc/en-us/000227595/dsa-2024-355

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.