CVE-2024-28970

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28970
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.

4.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:vostro_5502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:vostro_5402_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:precision_3660_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:inspiron_5509_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:inspiron_5502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:inspiron_5409_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:inspiron_5402_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_27_7720_all-in-one:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_24_5420_all-in-one:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:inspiron_16_plus_7640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_16_plus_7640:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:inspiron_16_7640_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_16_7640_2-in-1:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:inspiron_14_plus_7440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_14_plus_7440:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*
History

18 Sep 2024, 13:04

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168 - () https://www.dell.com/support/kbdoc/en-us/000225476/dsa-2024-168 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.4
CPE cpe:2.3:o:dell:inspiron_16_plus_7640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:g7_7700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_5502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_5402_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_24_5420_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_16_7640_2-in-1:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_14_plus_7440:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_3660_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_16_7640_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_16_plus_7640:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_5502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_27_7720_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:g7_7500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_14_plus_7440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_5509_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3660:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_5402_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_5409_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:*:*:*:*:*:*:*:*
First Time Dell vostro 5402 Firmware
Dell inspiron 5409
Dell inspiron 16 7640 2-in-1
Dell inspiron 5502
Dell vostro 5502 Firmware
Dell g7 7500 Firmware
Dell inspiron 16 7640 2-in-1 Firmware
Dell g7 7700 Firmware
Dell inspiron 16 Plus 7640
Dell inspiron 5509
Dell vostro 5402
Dell inspiron 24 5420 All-in-one
Dell
Dell inspiron 14 Plus 7440
Dell inspiron 27 7720 All-in-one
Dell g7 7500
Dell precision 3660 Firmware
Dell inspiron 24 5420 All-in-one Firmware
Dell inspiron 16 Plus 7640 Firmware
Dell inspiron 5509 Firmware
Dell precision 3660
Dell inspiron 5409 Firmware
Dell g7 7700
Dell inspiron 14 Plus 7440 Firmware
Dell inspiron 27 7720 All-in-one Firmware
Dell vostro 5502
Dell inspiron 5402
Dell inspiron 5402 Firmware
Dell inspiron 5502 Firmware

12 Jun 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-12 07:15

Updated : 2024-09-18 13:04

NVD link : CVE-2024-28970

Mitre link : CVE-2024-28970

JSON object : View

Products Affected

dell

  • inspiron_14_plus_7440_firmware
  • vostro_5502
  • inspiron_24_5420_all-in-one
  • inspiron_5502_firmware
  • inspiron_5409_firmware
  • vostro_5502_firmware
  • inspiron_14_plus_7440
  • inspiron_27_7720_all-in-one
  • inspiron_16_7640_2-in-1
  • g7_7500_firmware
  • inspiron_27_7720_all-in-one_firmware
  • inspiron_5509
  • g7_7700_firmware
  • inspiron_5402_firmware
  • inspiron_16_plus_7640_firmware
  • vostro_5402_firmware
  • precision_3660
  • inspiron_16_7640_2-in-1_firmware
  • vostro_5402
  • inspiron_5509_firmware
  • inspiron_5409
  • inspiron_24_5420_all-in-one_firmware
  • g7_7500
  • g7_7700
  • inspiron_16_plus_7640
  • inspiron_5502
  • precision_3660_firmware
  • inspiron_5402
CWE
CWE-787

Out-of-bounds Write