Dell Client Platform BIOS Vulnerability Lets Attackers Compromise System
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Dell Technologies has recently disclosed a vulnerability affecting its client platform BIOS. This flaw, identified as CVE-2024-39584, could allow high-privileged attackers with local access to bypass Secure Boot and execute arbitrary code.
The vulnerability, which involves using a default cryptographic key, poses a serious risk to affected systems.
CVE-2024-39584 – Details of the Vulnerability
The vulnerability has been assigned a CVSS base score of 8.2, indicating a high severity level. The CVSS vector string for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
If CVE-2024-39584 is exploited, this score reflects the potential impact on confidentiality, integrity, and availability. Dell Technologies advises customers to consider the CVSS base score and any relevant temporal and environmental scores to assess the full potential severity.
Table: Affected Products & Remediation
Product Software/Firmware Affected Versions Remediated Versions Release Date Link Alienware Area 51m R2BIOS< 1.29.01.29.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware Aurora R15 AMDBIOS< 1.15.01.15.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware m15 R3BIOS< 1.29.01.29.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware m15 R4BIOS< 1.24.01.24.0 or later08/28/2024Go to the Drivers & Downloads site for updatesAlienware m17 R3BIOS< 1.29.01.29.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware m17 R4BIOS< 1.24.01.24.0 or later08/28/2024Go to the Drivers & Downloads site for updatesAlienware x14BIOS< 1.21.01.21.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware x15 R1BIOS< 1.24.01.24.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware x15 R2BIOS< 1.22.01.22.0 or later08/28/2024Go to the Drivers & Downloads site for updatesAlienware x17 R1BIOS< 1.24.01.24.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware x17 R2BIOS< 1.22.01.22.0 or later08/28/2024Go to the Drivers & Downloads site for updates
Response and Recommendations
Dell Technologies has promptly released updates to remediate the vulnerability across affected products. Customers are urged to update their BIOS to the latest versions, as listed in the table above. The updates are available on the Dell Drivers & Downloads site.
Despite the severity of the vulnerability, no workarounds or mitigations have been provided, making it imperative for users to apply the updates immediately.
The company has acknowledged the BINARLY Research team for identifying and reporting this issue, underscoring the importance of collaboration in cybersecurity.
As threats continue to evolve, Dell remains committed to maintaining the security and integrity of its products. Users are encouraged to stay informed about potential vulnerabilities and ensure their systems are up to date.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
Dell Client Platform BIOS Vulnerability Lets Attackers Compromise System
Author: DhivyaDell Technologies has recently disclosed a vulnerability affecting its client platform BIOS. This flaw, identified as CVE-2024-39584, could allow high-privileged attackers with local access to bypass Secure Boot and execute arbitrary code.
The vulnerability, which involves using a default cryptographic key, poses a serious risk to affected systems.
CVE-2024-39584 – Details of the Vulnerability
The vulnerability has been assigned a CVSS base score of 8.2, indicating a high severity level. The CVSS vector string for this vulnerability is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
If CVE-2024-39584 is exploited, this score reflects the potential impact on confidentiality, integrity, and availability. Dell Technologies advises customers to consider the CVSS base score and any relevant temporal and environmental scores to assess the full potential severity.
Table: Affected Products & Remediation
Product Software/Firmware Affected Versions Remediated Versions Release Date Link Alienware Area 51m R2BIOS< 1.29.01.29.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware Aurora R15 AMDBIOS< 1.15.01.15.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware m15 R3BIOS< 1.29.01.29.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware m15 R4BIOS< 1.24.01.24.0 or later08/28/2024Go to the Drivers & Downloads site for updatesAlienware m17 R3BIOS< 1.29.01.29.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware m17 R4BIOS< 1.24.01.24.0 or later08/28/2024Go to the Drivers & Downloads site for updatesAlienware x14BIOS< 1.21.01.21.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware x15 R1BIOS< 1.24.01.24.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware x15 R2BIOS< 1.22.01.22.0 or later08/28/2024Go to the Drivers & Downloads site for updatesAlienware x17 R1BIOS< 1.24.01.24.0 or later08/27/2024Go to the Drivers & Downloads site for updatesAlienware x17 R2BIOS< 1.22.01.22.0 or later08/28/2024Go to the Drivers & Downloads site for updates
Response and Recommendations
Dell Technologies has promptly released updates to remediate the vulnerability across affected products. Customers are urged to update their BIOS to the latest versions, as listed in the table above. The updates are available on the Dell Drivers & Downloads site.
Despite the severity of the vulnerability, no workarounds or mitigations have been provided, making it imperative for users to apply the updates immediately.
The company has acknowledged the BINARLY Research team for identifying and reporting this issue, underscoring the importance of collaboration in cybersecurity.
As threats continue to evolve, Dell remains committed to maintaining the security and integrity of its products. Users are encouraged to stay informed about potential vulnerabilities and ensure their systems are up to date.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
