CVE-2024-32856

MEDIUM

Dell Client Platform BIOS - Information Disclosure via Improper Input Validation

Title source: llm

Description

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000221745/dsa-2024-067

Scores

CVSS v3 5.1

EPSS 0.0003

EPSS Percentile 10.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (23)

dell/alienware_area_51m_r2_firmware < 1.26.0

dell/alienware_aurora_r10_firmware < 2.8.0

dell/alienware_aurora_r11_firmware < 1.0.24

dell/alienware_aurora_r12_firmware < 1.1.25

dell/alienware_aurora_r13_firmware < 1.19.0

dell/alienware_aurora_r15_amd_firmware < 1.13.0

dell/alienware_aurora_r15_firmware < 1.12.0

dell/alienware_aurora_ryzen_edition_r14_firmware < 2.18.0

dell/alienware_m15_r3_firmware < 1.27.0

dell/alienware_m15_r4_firmware < 1.21.0

... and 13 more

Published Jun 13, 2024

Tracked Since Feb 18, 2026