CVE-2024-42424

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000227014/dsa-2024-327	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:precision_7920_rack_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7920_rack:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:7920_xl_rack_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:7920_xl_rack:-:*:*:*:*:*:*:*

History

20 Dec 2024, 14:41

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://www.dell.com/support/kbdoc/en-us/000227014/dsa-2024-327 -~~	() https://www.dell.com/support/kbdoc/en-us/000227014/dsa-2024-327 - Vendor Advisory
CPE		cpe:2.3:h:dell:7920_xl_rack:-:::::::* cpe:2.3:o:dell:precision_7920_rack_firmware:::::::: cpe:2.3:h:dell:precision_7920_rack:-:::::::* cpe:2.3:o:dell:7920_xl_rack_firmware::::::::
First Time		Dell 7920 Xl Rack Dell precision 7920 Rack Dell Dell 7920 Xl Rack Firmware Dell precision 7920 Rack Firmware

10 Sep 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) Las versiones de BIOS de Intel para Dell Precision Rack 14G anteriores a la 2.22.2 contienen una vulnerabilidad de validación de entrada incorrecta. Un atacante con privilegios elevados y acceso local podría aprovechar esta vulnerabilidad, lo que provocaría la divulgación de información.

10 Sep 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 08:15

Updated : 2024-12-20 14:41

NVD link : CVE-2024-42424

Mitre link : CVE-2024-42424

CVE.ORG link : CVE-2024-42424

JSON object : View

Products Affected

dell

precision_7920_rack_firmware
7920_xl_rack
precision_7920_rack
7920_xl_rack_firmware

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2024-42424", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}]}, "published": "2024-09-10T08:15:02.487", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000227014/dsa-2024-327", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure."}, {"lang": "es", "value": "Las versiones de BIOS de Intel para Dell Precision Rack 14G anteriores a la 2.22.2 contienen una vulnerabilidad de validaci\u00f3n de entrada incorrecta. Un atacante con privilegios elevados y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2024-12-20T14:41:45.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7920_rack_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61F7B9AB-E6B6-4B3E-871C-6653922AA440", "versionEndExcluding": "2.22.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7920_rack:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C2430E8-4607-4255-AFD2-99CAEE7BFD73"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:7920_xl_rack_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE43ACC5-1E0E-4B43-925F-E0E7C6D5D53E", "versionEndExcluding": "2.22.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:7920_xl_rack:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19361B06-2F31-49BB-A3E6-5A5AC972AE01"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}