BIOS
by Dell
CVEs (114)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2890 | Med | 0.39 | 6.0 | 0.00 | Aug 1, 2015 | The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. | ||
| CVE-2024-0158 | 0.00 | — | 0.00 | Jul 2, 2024 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges | |||
| CVE-2024-32855 | 0.00 | — | 0.00 | Jun 25, 2024 | Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | |||
| CVE-2024-32860 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||
| CVE-2024-32858 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||
| CVE-2024-32859 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||
| CVE-2024-32856 | 0.00 | — | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | |||
| CVE-2024-28970 | 0.00 | — | 0.00 | Jun 12, 2024 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | |||
| CVE-2024-0160 | 0.00 | — | 0.00 | Jun 12, 2024 | Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. | |||
| CVE-2023-32475 | 0.00 | — | 0.00 | Jun 7, 2024 | Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system. | |||
| CVE-2024-22429 | 0.00 | — | 0.00 | May 17, 2024 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. | |||
| CVE-2024-22448 | 0.00 | — | 0.00 | Apr 10, 2024 | Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2023-48674 | 0.00 | — | 0.00 | Mar 1, 2024 | Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function. | |||
| CVE-2023-28063 | 0.00 | — | 0.00 | Feb 6, 2024 | Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2023-43088 | 0.00 | — | 0.00 | Dec 22, 2023 | Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | |||
| CVE-2023-39251 | 0.00 | — | 0.00 | Dec 22, 2023 | Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system. | |||
| CVE-2023-32453 | 0.00 | — | 0.00 | Aug 16, 2023 | Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. | |||
| CVE-2023-28075 | 0.00 | — | 0.00 | Aug 16, 2023 | Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. | |||
| CVE-2023-28064 | 0.00 | — | 0.00 | Jun 23, 2023 | Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | |||
| CVE-2023-32480 | 0.00 | — | 0.00 | Jun 23, 2023 | Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. |
- risk 0.39cvss 6.0epss 0.00
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.
- CVE-2024-0158Jul 2, 2024risk 0.00cvss —epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges
- CVE-2024-32855Jun 25, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
- CVE-2024-32860Jun 13, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- CVE-2024-32858Jun 13, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- CVE-2024-32859Jun 13, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- CVE-2024-32856Jun 13, 2024risk 0.00cvss —epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
- CVE-2024-28970Jun 12, 2024risk 0.00cvss —epss 0.00
Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
- CVE-2024-0160Jun 12, 2024risk 0.00cvss —epss 0.00
Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.
- CVE-2023-32475Jun 7, 2024risk 0.00cvss —epss 0.00
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
- CVE-2024-22429May 17, 2024risk 0.00cvss —epss 0.00
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
- CVE-2024-22448Apr 10, 2024risk 0.00cvss —epss 0.00
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
- CVE-2023-48674Mar 1, 2024risk 0.00cvss —epss 0.00
Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
- CVE-2023-28063Feb 6, 2024risk 0.00cvss —epss 0.00
Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
- CVE-2023-43088Dec 22, 2023risk 0.00cvss —epss 0.00
Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
- CVE-2023-39251Dec 22, 2023risk 0.00cvss —epss 0.00
Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.
- CVE-2023-32453Aug 16, 2023risk 0.00cvss —epss 0.00
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.
- CVE-2023-28075Aug 16, 2023risk 0.00cvss —epss 0.00
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.
- CVE-2023-28064Jun 23, 2023risk 0.00cvss —epss 0.00
Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.
- CVE-2023-32480Jun 23, 2023risk 0.00cvss —epss 0.00
Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.
Page 1 of 6