CVE-2024-0160

moderate-risk

Published 2024-06-12

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

PHYSICAL / LOW complexity

Affected Products (15)

Xps 17 9700 Firmware

Xps 15 9500 Firmware

Vostro 7500 Firmware

Precision 5750 Firmware

Precision 5550 Firmware

Latitude 3520 Firmware

Latitude 3510 Firmware

Latitude 3420 Firmware

Latitude 3410 Firmware

Inspiron 7501 Firmware

Inspiron 7500 Firmware

G7 7700 Firmware

G7 7500 Firmware

G5 5500 Firmware

G3 3500 Firmware

Affected Vendors

Dell

References (2)

Vendor Advisory https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate