CVE-2024-32855

moderate-risk

Published 2024-06-25

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.8/10 Low

LOCAL / HIGH complexity

Affected Products (20)

Inspiron 3480 Firmware

Inspiron 3580 Firmware

Latitude 3120 Firmware

Latitude 3190 Firmware

Latitude 3190 2-In-1 Firmware

Latitude 3300 Firmware

Latitude 3310 Firmware

Latitude 3310 2-In-1 Firmware

Latitude 3390 2-In-1 Firmware

Latitude 5288 Firmware

Latitude 5290 Firmware

Latitude 5290 2-In-1 Firmware

Latitude 5300 Firmware

Latitude 5300 2-In-1 Firmware

Latitude 5310 Firmware

Latitude 5310 2-In-1 Firmware

Latitude 5400 Firmware

Latitude 5401 Firmware

Latitude 5410 Firmware

Latitude 5411 Firmware

Affected Vendors

Dell

References (2)

Vendor Advisory https://www.dell.com/support/kbdoc/en-us/000225627/dsa-2024-123

/ 100

moderate-risk

Severity 10/34 · Low

Exploitability 0/34 · Minimal

Exposure 28/34 · Critical