DSA-2024-355: Security Update for Dell Client Platform BIOS for an Improper Input Validation Vulnerability

Resumen: Dell Client Platform BIOS remediation is available for an Improper Input Validation Vulnerability in an externally developed component that could be exploited by malicious users to compromise the affected system. ...

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.
Consulte estos recursos

Impacto

High

Detalles

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2024-47238

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2024-47238

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product

Software/Firmware

Affected Versions

Remediated Versions

Release Date (MM/DD/YYYY)

Link

Dell Edge Gateway 5000

BIOS

Versions prior to 1.29.0

Versions 1.29.0 or later

10/07/2024

Go to the Drivers & Downloads site for updates

Edge Gateway 3000 series

BIOS

Versions prior to 1.19.0

Versions 1.19.0 or later

10/04/2024

Go to the Drivers & Downloads site for updates

Embedded Box PC 3000

BIOS

Versions prior to 1.25.0

Versions 1.25.0 or later

10/09/2024

Go to the Drivers & Downloads site for updates

Product

Software/Firmware

Affected Versions

Remediated Versions

Release Date (MM/DD/YYYY)

Link

Dell Edge Gateway 5000

BIOS

Versions prior to 1.29.0

Versions 1.29.0 or later

10/07/2024

Go to the Drivers & Downloads site for updates

Edge Gateway 3000 series

BIOS

Versions prior to 1.19.0

Versions 1.19.0 or later

10/04/2024

Go to the Drivers & Downloads site for updates

Embedded Box PC 3000

BIOS

Versions prior to 1.25.0

Versions 1.25.0 or later

10/09/2024

Go to the Drivers & Downloads site for updates

Historial de revisiones

Revision

Date

Description

1.0

2024-12-12

Initial Release

Reconocimientos

CVE-2024-47238: Dell Technologies would like to thank Eclypsium for reporting this issue.

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Descargo de responsabilidad

Productos afectados

Dell Edge Gateway 3000 Series, Dell Edge Gateway 5000, Dell Embedded Box PC 3000
Propiedades del artículo
Número del artículo: 000227595
Tipo de artículo: Dell Security Advisory
Última modificación: 12 dic 2024
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.