6.7

CVE-2024-38483

Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Data is provided by the National Vulnerability Database (NVD)
Dell Latitude 5290 2-in-1 Firmware Version < 1.35.0
   Dell Latitude 5290 2-in-1 Version-
Dell Precision 3420 Tower Firmware Version < 2.32.0
   Dell Precision 3420 Version-
Dell Precision 3620 Firmware Version < 2.32.0
   Dell Precision 3620 Tower Version-
Dell Wyse 7040 Thin Client Firmware Version < 1.26.0
   Dell Wyse 7040 Thin Client Version-
Dell Precision 7720 Firmware Version < 1.37.0
   Dell Precision 7720 Version-
Dell Precision 7520 Firmware Version1.37.0
   Dell Precision 7520 Version-
Dell Precision 5530 2-in-1 Firmware Version < 1.32.8
   Dell Precision 5530 2-in-1 Version-
Dell Precision 5520 Firmware Version < 1.39.0
   Dell Precision 5520 Version-
Dell Precision 3520 Firmware Version < 1.37.0
   Dell Precision 3520 Version-
Dell Optiplex 7450 All-in-one Firmware Version < 1.34.0
   Dell Optiplex 7450 All-in-one Version-
Dell Optiplex 5050 Firmware Version < 1.31.0
   Dell Optiplex 5050 Version-
Dell Optiplex 3050 All-in-one Firmware Version < 1.34.0
   Dell Optiplex 3050 All-in-one Version-
Dell Optiplex 3050 Firmware Version < 1.31.0
   Dell Optiplex 3050 Version-
Dell Latitude 7490 Firmware Version < 1.39.0
   Dell Latitude 7490 Version-
Dell Latitude 7480 Firmware Version < 1.38.0
   Dell Latitude 7480 Version-
Dell Latitude 7414 Rugged Firmware Version < 1.47.0
   Dell Latitude 7414 Rugged Version-
Dell Latitude 7390 2-in-1 Firmware Version < 1.36.0
   Dell Latitude 7390 2-in-1 Version-
Dell Latitude 7390 Firmware Version < 1.39.0
   Dell Latitude 7390 Version-
Dell Latitude 7380 Firmware Version < 1.38.0
   Dell Latitude 7380 Version-
Dell Latitude 7290 Firmware Version < 1.39.0
   Dell Latitude 7290 Version-
Dell Latitude 7285 2-in-1 Firmware Version < 1.27.0
   Dell Latitude 7285 2-in-1 Version-
Dell Latitude 7280 Firmware Version < 1.38.0
   Dell Latitude 7280 Version-
Dell Latitude 5590 Firmware Version < 1.36.0
   Dell Latitude 5590 Version-
Dell Latitude 5580 Firmware Version < 1.37.0
   Dell Latitude 5580 Version-
Dell Latitude 5490 Firmware Version < 1.36.0
   Dell Latitude 5490 Version-
Dell Latitude 5488 Firmware Version < 1.37.0
   Dell Latitude 5488 Version-
Dell Latitude 5480 Firmware Version < 1.37.0
   Dell Latitude 5480 Version-
Dell Latitude 5424 Rugged Firmware Version < 1.34.0
   Dell Latitude 5424 Rugged Version-
Dell Latitude 5420 Rugged Firmware Version < 1.34.0
   Dell Latitude 5420 Rugged Version-
Dell Latitude 5414 Rugged Firmware Version < 1.47.0
   Dell Latitude 5414 Rugged Version-
Dell Latitude 5400 Firmware Version < 1.32.0
   Dell Latitude 5400 Version-
Dell Latitude 5290 Firmware Version < 1.36.0
   Dell Latitude 5290 Version-
Dell Latitude 5288 Firmware Version < 1.37.0
   Dell Latitude 5288 Version-
Dell Latitude 5280 Firmware Version < 1.37.0
   Dell Latitude 5280 Version-
Dell Latitude 3390 2-in-1 Firmware Version < 1.32.0
   Dell Latitude 3390 2-in-1 Version-
Dell Latitude 3300 Firmware Version < 1.29.0
   Dell Latitude 3300 Version-
Dell Latitude 13 3380 Firmware Version < 1.28.0
   Dell Latitude 13 3380 Version-
Dell Embedded Box Pc 5000 Firmware Version < 1.26.0
   Dell Embedded Box Pc 5000 Version-
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.086
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security_alert@emc.com 5.8 0.3 5.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.