CVE-2024-52537
MEDIUMDell Dock HD22Q, WD19, and WD22TB4 Firmware Update Utility - Privilege Escalation via Symlink Following
Title source: llmDescription
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.dell.com/support/kbdoc/en-us/000227591/dsa-2024-351
Scores
CVSS v3
6.3
EPSS
0.0017
EPSS Percentile
6.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-61
CWE-59
Status
published
Products (3)
dell/dock_hd22q_firmware_update_utility
< 1.00.23
dell/dock_wd19_firmware_update_utility
< 01.00.44
dell/dock_wd22tb4_firmware_update_utility
< 01.00.28
Published
Dec 11, 2024
Tracked Since
Feb 18, 2026