CVE-2024-0160

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0160
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:xps_17_9700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:xps_15_9500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_15_9500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:vostro_7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_7500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:precision_5750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:precision_5550_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5550:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:latitude_3520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3520:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:latitude_3510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3510:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:latitude_3420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:latitude_3410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3410:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:inspiron_7501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7501:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:inspiron_7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7500:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:g5_5500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:g3_3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*
History

25 Sep 2024, 14:25

Type Values Removed Values Added
CPE cpe:2.3:h:dell:latitude_3510:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_15_9500:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:latitude_3520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_5750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3520:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:latitude_3420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7500:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7501:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:xps_17_9700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_7500:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5550:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3410:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:xps_15_9500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:g5_5500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:latitude_3410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5750:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:latitude_3510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:g3_3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_7501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_5550_firmware:*:*:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122 - () https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122 - Vendor Advisory
First Time Dell inspiron 7501
Dell vostro 7500
Dell vostro 7500 Firmware
Dell precision 5750 Firmware
Dell latitude 3520 Firmware
Dell g3 3500
Dell precision 5750
Dell latitude 3510 Firmware
Dell xps 17 9700
Dell latitude 3510
Dell precision 5550 Firmware
Dell xps 17 9700 Firmware
Dell g5 5500 Firmware
Dell latitude 3420
Dell latitude 3420 Firmware
Dell latitude 3410
Dell latitude 3520
Dell g7 7700
Dell inspiron 7500 Firmware
Dell latitude 3410 Firmware
Dell precision 5550
Dell g5 5500
Dell g7 7700 Firmware
Dell inspiron 7500
Dell g7 7500 Firmware
Dell xps 15 9500
Dell
Dell xps 15 9500 Firmware
Dell inspiron 7501 Firmware
Dell g7 7500
Dell g3 3500 Firmware

13 Jun 2024, 18:36

Type Values Removed Values Added
Summary
  • (es) Dell Client Platform contiene una vulnerabilidad de autorización incorrecta. Un atacante con acceso físico al sistema podría explotar esta vulnerabilidad al eludir la autorización del BIOS para modificar la configuración del BIOS.

12 Jun 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-12 07:15

Updated : 2024-09-25 14:25

NVD link : CVE-2024-0160

Mitre link : CVE-2024-0160

CVE.ORG link : CVE-2024-0160

JSON object : View

Products Affected

dell

  • vostro_7500_firmware
  • inspiron_7500
  • g3_3500
  • latitude_3520
  • precision_5750
  • inspiron_7501
  • precision_5750_firmware
  • latitude_3420_firmware
  • precision_5550_firmware
  • latitude_3410_firmware
  • xps_15_9500_firmware
  • xps_17_9700
  • xps_15_9500
  • g7_7500
  • inspiron_7500_firmware
  • latitude_3520_firmware
  • xps_17_9700_firmware
  • latitude_3420
  • g7_7700_firmware
  • latitude_3410
  • latitude_3510
  • precision_5550
  • g7_7500_firmware
  • latitude_3510_firmware
  • g5_5500
  • g3_3500_firmware
  • inspiron_7501_firmware
  • vostro_7500
  • g7_7700
  • g5_5500_firmware
CWE
CWE-863

Incorrect Authorization