7.5
CVE-2024-47238
- EPSS 0.03%
- Published 12.12.2024 18:15:25
- Last modified 04.02.2025 15:52:06
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Data is provided by the National Vulnerability Database (NVD)
Dell ≫ Embedded Box Pc 3000 Firmware Version < 1.25.0
Dell ≫ Edge Gateway 3001 Firmware Version < 1.19.0
Dell ≫ Edge Gateway 3002 Firmware Version < 1.19.0
Dell ≫ Edge Gateway 3003 Firmware Version < 1.19.0
Dell ≫ Edge Gateway 5000 Firmware Version < 1.29.0
Dell ≫ Edge Gateway 5100 Firmware Version < 1.29.0
Dell ≫ Edge Gateway 3000 Firmware Version < 1.19.0
Dell ≫ Edge Gateway 3200 Firmware Version < 1.19.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.072 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| security_alert@emc.com | 7.5 | 0.8 | 6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.