CVE-2024-52537

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000227591/dsa-2024-351	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:dell:dock_hd22q_firmware_update_utility:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-::::::arm64:
	cpe:2.3:o:microsoft:windows:-::::::x86:

Configuration 2 (hide)

AND

cpe:2.3:a:dell:dock_hd22q_firmware_update_utility:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-::::::arm64:
	cpe:2.3:o:microsoft:windows:-::::::x86:

Configuration 3 (hide)

AND

cpe:2.3:a:dell:dock_wd19_firmware_update_utility:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-::::::arm64:
	cpe:2.3:o:microsoft:windows:-::::::x86:

Configuration 4 (hide)

AND

cpe:2.3:a:dell:dock_wd19_firmware_update_utility:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-::::::arm64:
	cpe:2.3:o:microsoft:windows:-::::::x86:

Configuration 5 (hide)

AND

cpe:2.3:a:dell:dock_wd22tb4_firmware_update_utility:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-::::::arm64:
	cpe:2.3:o:microsoft:windows:-::::::x86:

Configuration 6 (hide)

AND

cpe:2.3:a:dell:dock_wd22tb4_firmware_update_utility:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-::::::arm64:
	cpe:2.3:o:microsoft:windows:-::::::x86:

History

04 Feb 2025, 16:13

Type	Values Removed	Values Added
First Time		Microsoft Microsoft windows Dell dock Wd19 Firmware Update Utility Dell dock Wd22tb4 Firmware Update Utility Linux Linux linux Kernel Dell dock Hd22q Firmware Update Utility Dell
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-::::::x86: cpe:2.3:a:dell:dock_wd19_firmware_update_utility:::::::: cpe:2.3:a:dell:dock_hd22q_firmware_update_utility:::::::: cpe:2.3:a:dell:dock_wd22tb4_firmware_update_utility:::::::: cpe:2.3:o:microsoft:windows:-::::::arm64:
CWE		CWE-59
References	~~() https://www.dell.com/support/kbdoc/en-us/000227591/dsa-2024-351 -~~	() https://www.dell.com/support/kbdoc/en-us/000227591/dsa-2024-351 - Vendor Advisory

11 Dec 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-11 08:15

Updated : 2025-02-04 16:13

NVD link : CVE-2024-52537

Mitre link : CVE-2024-52537

CVE.ORG link : CVE-2024-52537

JSON object : View

Products Affected

linux

linux_kernel

dell

dock_wd19_firmware_update_utility
dock_hd22q_firmware_update_utility
dock_wd22tb4_firmware_update_utility

microsoft

windows

CWE

CWE-61

UNIX Symbolic Link (Symlink) Following

CWE-59

Improper Link Resolution Before File Access ('Link Following')

6.3 /10