CVE-2024-39584

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_8960:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_8950:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:inspiron_15_3521_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_15_3521:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:inspiron_15_3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_15_3510:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dell:aurora_r16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:aurora_r16:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dell:alienware_x17_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x17_r2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dell:alienware_x15_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x15_r2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dell:alienware_x14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x14:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r15:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*

History

20 Dec 2024, 14:38

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354 -~~	() https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354 - Vendor Advisory
CWE		NVD-CWE-Other
First Time		Dell alienware X15 R2 Dell alienware X15 R2 Firmware Dell xps 8960 Dell inspiron 3502 Dell alienware Aurora R15 Amd Dell alienware X17 R2 Dell alienware M17 R4 Dell alienware Aurora Ryzen Edition R14 Dell inspiron 15 3510 Dell alienware X17 R2 Firmware Dell alienware Aurora Ryzen Edition R14 Firmware Dell aurora R16 Dell alienware Aurora R15 Amd Firmware Dell xps 8950 Firmware Dell xps 8950 Dell inspiron 15 3521 Firmware Dell alienware Aurora R15 Dell alienware M15 R4 Firmware Dell alienware X17 R1 Dell alienware M15 R3 Firmware Dell xps 8960 Firmware Dell alienware M15 R4 Dell alienware Area 51m R2 Dell alienware X14 Firmware Dell alienware Aurora R15 Firmware Dell inspiron 15 3510 Firmware Dell alienware M15 R3 Dell alienware Aurora R13 Dell inspiron 15 3521 Dell inspiron 3502 Firmware Dell alienware X15 R1 Dell alienware X15 R1 Firmware Dell Dell alienware Area 51m R2 Firmware Dell alienware M17 R4 Firmware Dell alienware X17 R1 Firmware Dell alienware M17 R3 Dell alienware Aurora R13 Firmware Dell aurora R16 Firmware Dell alienware M17 R3 Firmware Dell alienware X14
CPE		cpe:2.3:h:dell:inspiron_3502:-:::::::* cpe:2.3:o:dell:alienware_m15_r3_firmware:::::::: cpe:2.3:o:dell:alienware_m17_r4_firmware:::::::: cpe:2.3:o:dell:alienware_m15_r4_firmware:::::::: cpe:2.3:o:dell:inspiron_15_3510_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_r13_firmware:::::::: cpe:2.3:h:dell:alienware_area_51m_r2:-:::::::* cpe:2.3:h:dell:alienware_m17_r3:-:::::::* cpe:2.3:h:dell:aurora_r16:-:::::::* cpe:2.3:o:dell:inspiron_15_3521_firmware:::::::: cpe:2.3:o:dell:alienware_m17_r3_firmware:::::::: cpe:2.3:h:dell:inspiron_15_3510:-:::::::* cpe:2.3:o:dell:alienware_x17_r2_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_r15_firmware:::::::: cpe:2.3:o:dell:xps_8950_firmware:::::::: cpe:2.3:h:dell:alienware_m15_r4:-:::::::* cpe:2.3:h:dell:inspiron_15_3521:-:::::::* cpe:2.3:o:dell:alienware_x14_firmware:::::::: cpe:2.3:o:dell:xps_8960_firmware:::::::: cpe:2.3:o:dell:aurora_r16_firmware:::::::: cpe:2.3:o:dell:inspiron_3502_firmware:::::::: cpe:2.3:h:dell:alienware_m17_r4:-:::::::* cpe:2.3:h:dell:alienware_x15_r1:-:::::::* cpe:2.3:h:dell:alienware_x14:-:::::::* cpe:2.3:h:dell:alienware_x17_r1:-:::::::* cpe:2.3:o:dell:alienware_x17_r1_firmware:::::::: cpe:2.3:h:dell:alienware_x17_r2:-:::::::* cpe:2.3:o:dell:alienware_x15_r2_firmware:::::::: cpe:2.3:o:dell:alienware_x15_r1_firmware:::::::: cpe:2.3:h:dell:alienware_x15_r2:-:::::::* cpe:2.3:h:dell:alienware_aurora_r15:-:::::::* cpe:2.3:h:dell:xps_8950:-:::::::* cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:::::::: cpe:2.3:h:dell:alienware_m15_r3:-:::::::* cpe:2.3:o:dell:alienware_area_51m_r2_firmware:::::::: cpe:2.3:h:dell:alienware_aurora_r13:-:::::::* cpe:2.3:h:dell:xps_8960:-:::::::* cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:::::::* cpe:2.3:h:dell:alienware_aurora_r15_amd:-:::::::*

28 Aug 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Dell Client Platform BIOS contiene una vulnerabilidad de uso de clave criptográfica predeterminada. Un atacante con privilegios elevados y acceso local podría explotar esta vulnerabilidad, lo que provocaría una omisión del arranque seguro y la ejecución de código arbitrario.

28 Aug 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-28 06:15

Updated : 2024-12-20 14:38

NVD link : CVE-2024-39584

Mitre link : CVE-2024-39584

CVE.ORG link : CVE-2024-39584

JSON object : View

Products Affected

dell

alienware_area_51m_r2
alienware_x17_r1_firmware
alienware_m15_r4
alienware_aurora_ryzen_edition_r14
alienware_x17_r2_firmware
alienware_aurora_r15_firmware
xps_8950_firmware
inspiron_3502_firmware
alienware_m15_r3_firmware
alienware_aurora_r15_amd
aurora_r16_firmware
alienware_x14_firmware
alienware_m17_r4
xps_8960_firmware
alienware_m15_r4_firmware
alienware_x15_r1
aurora_r16
inspiron_15_3510
alienware_aurora_r13
alienware_x17_r2
alienware_m17_r3_firmware
inspiron_15_3510_firmware
alienware_m17_r3
alienware_x15_r2
alienware_m17_r4_firmware
alienware_aurora_r15
alienware_area_51m_r2_firmware
inspiron_3502
xps_8950
inspiron_15_3521_firmware
alienware_x15_r2_firmware
alienware_m15_r3
alienware_aurora_ryzen_edition_r14_firmware
alienware_aurora_r13_firmware
alienware_x15_r1_firmware
inspiron_15_3521
xps_8960
alienware_aurora_r15_amd_firmware
alienware_x17_r1
alienware_x14

CWE

CWE-1392 NVD-CWE-Other

8.2 /10