Details of VAR-202405-3505

ID

VAR-202405-3505

CVE

CVE-2024-22429

DESCRIPTION

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

Trust: 1.0

sources: NVD: CVE-2024-22429

AFFECTED PRODUCTS

vendor:	dell	model:	embedded box pc 5000	scope:	lt	version:	1.25.0	Trust: 1.0
vendor:	dell	model:	precision 3620 tower	scope:	lt	version:	2.30.0	Trust: 1.0
vendor:	dell	model:	latitude 5290	scope:	lt	version:	1.35.0	Trust: 1.0
vendor:	dell	model:	latitude 5580	scope:	lt	version:	1.36.0	Trust: 1.0
vendor:	dell	model:	latitude 7424 rugged extreme	scope:	lt	version:	1.32.0	Trust: 1.0
vendor:	dell	model:	latitude 5288	scope:	lt	version:	1.36.0	Trust: 1.0
vendor:	dell	model:	latitude 7280	scope:	lt	version:	1.37.0	Trust: 1.0
vendor:	dell	model:	precision 5520	scope:	lt	version:	1.38.0	Trust: 1.0
vendor:	dell	model:	edge gateway 5000	scope:	lt	version:	1.28.0	Trust: 1.0
vendor:	dell	model:	latitude 3390 2-in-1	scope:	lt	version:	1.31.0	Trust: 1.0
vendor:	dell	model:	latitude 5400	scope:	lt	version:	1.30.0	Trust: 1.0
vendor:	dell	model:	latitude 7480	scope:	lt	version:	1.37.0	Trust: 1.0
vendor:	dell	model:	latitude 7380	scope:	lt	version:	1.37.0	Trust: 1.0
vendor:	dell	model:	latitude 7414 rugged	scope:	lt	version:	1.46.0	Trust: 1.0
vendor:	dell	model:	latitude 7290	scope:	lt	version:	1.38.0	Trust: 1.0
vendor:	dell	model:	latitude 7390	scope:	lt	version:	1.38.0	Trust: 1.0
vendor:	dell	model:	latitude 5490	scope:	lt	version:	1.35.0	Trust: 1.0
vendor:	dell	model:	latitude 5420 rugged	scope:	lt	version:	1.32.0	Trust: 1.0
vendor:	dell	model:	optiplex 7450 all-in-one	scope:	lt	version:	1.32.0	Trust: 1.0
vendor:	dell	model:	latitude 7285 2-in-1	scope:	lt	version:	1.26.0	Trust: 1.0
vendor:	dell	model:	latitude 5280	scope:	lt	version:	1.36.0	Trust: 1.0
vendor:	dell	model:	optiplex 3050 all-in-one	scope:	lt	version:	1.32.0	Trust: 1.0
vendor:	dell	model:	precision 3420 tower	scope:	lt	version:	2.30.0	Trust: 1.0
vendor:	dell	model:	latitude 5290 2-in-1	scope:	lt	version:	1.34.0	Trust: 1.0
vendor:	dell	model:	precision 3520	scope:	lt	version:	1.36.0	Trust: 1.0
vendor:	dell	model:	latitude 5488	scope:	lt	version:	1.36.0	Trust: 1.0
vendor:	dell	model:	latitude 7390 2-in-1	scope:	lt	version:	1.35.0	Trust: 1.0
vendor:	dell	model:	latitude 5424 rugged	scope:	lt	version:	1.32.0	Trust: 1.0
vendor:	dell	model:	latitude 5590	scope:	lt	version:	1.35.0	Trust: 1.0
vendor:	dell	model:	latitude 3190	scope:	lt	version:	1.34.0	Trust: 1.0
vendor:	dell	model:	latitude 3180	scope:	lt	version:	1.29.0	Trust: 1.0
vendor:	dell	model:	precision 7720	scope:	lt	version:	1.36.0	Trust: 1.0
vendor:	dell	model:	latitude 7212 rugged extreme tablet	scope:	lt	version:	1.50.0	Trust: 1.0
vendor:	dell	model:	precision 7520	scope:	lt	version:	1.36.0	Trust: 1.0
vendor:	dell	model:	latitude 3190 2-in-1	scope:	lt	version:	1.34.0	Trust: 1.0
vendor:	dell	model:	latitude 12 rugged extreme 7214	scope:	lt	version:	1.46.0	Trust: 1.0
vendor:	dell	model:	wyse 7040 thin client	scope:	lt	version:	1.25.0	Trust: 1.0
vendor:	dell	model:	latitude 5480	scope:	lt	version:	1.36.0	Trust: 1.0
vendor:	dell	model:	latitude 13 3380	scope:	lt	version:	1.27.0	Trust: 1.0
vendor:	dell	model:	latitude 3189	scope:	lt	version:	1.29.0	Trust: 1.0
vendor:	dell	model:	wyse 5070	scope:	lt	version:	1.31.0	Trust: 1.0
vendor:	dell	model:	optiplex 5050	scope:	lt	version:	1.30.0	Trust: 1.0
vendor:	dell	model:	latitude 7490	scope:	lt	version:	1.38.0	Trust: 1.0
vendor:	dell	model:	optiplex 3050	scope:	lt	version:	1.30.0	Trust: 1.0
vendor:	dell	model:	precision 5820 tower	scope:	lt	version:	2.36.0	Trust: 1.0
vendor:	dell	model:	precision 5530 2-in-1	scope:	lt	version:	1.31.8	Trust: 1.0
vendor:	dell	model:	latitude 3300	scope:	lt	version:	1.28.0	Trust: 1.0
vendor:	dell	model:	edge gateway 3000	scope:	lt	version:	1.18.0	Trust: 1.0
vendor:	dell	model:	latitude 5414 rugged	scope:	lt	version:	1.46.0	Trust: 1.0
vendor:	dell	model:	embedded box pc 3000	scope:	lt	version:	1.24.0	Trust: 1.0

sources: NVD: CVE-2024-22429

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2024-22429
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-22429
value:	MEDIUM
Trust: 1.0

security_alert@emc.com:	CVE-2024-22429
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	6.0
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-22429
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2024-22429 // NVD: CVE-2024-22429

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2024-22429

EXTERNAL IDS

db:

NVD

id:

CVE-2024-22429

Trust: 1.0

sources: NVD: CVE-2024-22429

REFERENCES

url:

https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020

Trust: 1.0

sources: NVD: CVE-2024-22429

SOURCES

db:

NVD

id:

CVE-2024-22429

LAST UPDATE DATE

2025-01-31T23:12:07.797000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2024-22429

date:

2025-01-30T15:48:29.167

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2024-22429

date:

2024-05-17T16:15:07.477