CVE-2024-39584 - Vulnerability Details

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Dell	Alienware Area 51m R2 Alienware Area 51m R2 Firmware Alienware Aurora R13 Alienware Aurora R13 Firmware Alienware Aurora R15 Alienware Aurora R15 Amd Alienware Aurora R15 Amd Firmware Alienware Aurora R15 Firmware Alienware Aurora Ryzen Edition R14 Alienware Aurora Ryzen Edition R14 Firmware Alienware M15 R3 Alienware M15 R3 Firmware Alienware M15 R4 Alienware M15 R4 Firmware Alienware M17 R3 Alienware M17 R3 Firmware Alienware M17 R4 Alienware M17 R4 Firmware Alienware X14 Alienware X14 Firmware Alienware X15 R1 Alienware X15 R1 Firmware Alienware X15 R2 Alienware X15 R2 Firmware Alienware X17 R1 Alienware X17 R1 Firmware Alienware X17 R2 Alienware X17 R2 Firmware Aurora R16 Aurora R16 Firmware Inspiron 15 3510 Inspiron 15 3510 Firmware Inspiron 15 3521 Inspiron 15 3521 Firmware Inspiron 3502 Inspiron 3502 Firmware Xps 8950 Xps 8950 Firmware Xps 8960 Xps 8960 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dell:xps_8960_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_8960:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:xps_8950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_8950:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:inspiron_15_3521_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_15_3521:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:inspiron_15_3510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_15_3510:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:aurora_r16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:aurora_r16:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:alienware_x17_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x17_r2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:alienware_x15_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x15_r2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:alienware_x14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_x14:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dell:alienware_aurora_r15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r15:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dell:alienware_aurora_r13_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_aurora_r13:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354

History

Fri, 20 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell alienware Area 51m R2 Dell alienware Aurora R13 Dell alienware Aurora R13 Firmware Dell alienware Aurora R15 Dell alienware Aurora R15 Amd Dell alienware Aurora R15 Firmware Dell alienware Aurora Ryzen Edition R14 Dell alienware Aurora Ryzen Edition R14 Firmware Dell alienware M15 R3 Dell alienware M15 R4 Dell alienware M15 R4 Firmware Dell alienware M17 R3 Dell alienware M17 R4 Dell alienware M17 R4 Firmware Dell alienware X14 Dell alienware X15 R1 Dell alienware X15 R2 Dell alienware X15 R2 Firmware Dell alienware X17 R1 Dell alienware X17 R2 Dell alienware X17 R2 Firmware Dell aurora R16 Dell aurora R16 Firmware Dell inspiron 15 3510 Dell inspiron 15 3510 Firmware Dell inspiron 15 3521 Dell inspiron 15 3521 Firmware Dell inspiron 3502 Dell inspiron 3502 Firmware Dell xps 8950 Dell xps 8950 Firmware Dell xps 8960 Dell xps 8960 Firmware
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:h:dell:alienware_area_51m_r2:-:::::::* cpe:2.3:h:dell:alienware_aurora_r13:-:::::::* cpe:2.3:h:dell:alienware_aurora_r15:-:::::::* cpe:2.3:h:dell:alienware_aurora_r15_amd:-:::::::* cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:::::::* cpe:2.3:h:dell:alienware_m15_r3:-:::::::* cpe:2.3:h:dell:alienware_m15_r4:-:::::::* cpe:2.3:h:dell:alienware_m17_r3:-:::::::* cpe:2.3:h:dell:alienware_m17_r4:-:::::::* cpe:2.3:h:dell:alienware_x14:-:::::::* cpe:2.3:h:dell:alienware_x15_r1:-:::::::* cpe:2.3:h:dell:alienware_x15_r2:-:::::::* cpe:2.3:h:dell:alienware_x17_r1:-:::::::* cpe:2.3:h:dell:alienware_x17_r2:-:::::::* cpe:2.3:h:dell:aurora_r16:-:::::::* cpe:2.3:h:dell:inspiron_15_3510:-:::::::* cpe:2.3:h:dell:inspiron_15_3521:-:::::::* cpe:2.3:h:dell:inspiron_3502:-:::::::* cpe:2.3:h:dell:xps_8950:-:::::::* cpe:2.3:h:dell:xps_8960:-:::::::* cpe:2.3:o:dell:alienware_area_51m_r2_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_r13_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_r15_firmware:::::::: cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:::::::: cpe:2.3:o:dell:alienware_m15_r3_firmware:::::::: cpe:2.3:o:dell:alienware_m15_r4_firmware:::::::: cpe:2.3:o:dell:alienware_m17_r3_firmware:::::::: cpe:2.3:o:dell:alienware_m17_r4_firmware:::::::: cpe:2.3:o:dell:alienware_x14_firmware:::::::: cpe:2.3:o:dell:alienware_x15_r2_firmware:::::::: cpe:2.3:o:dell:alienware_x17_r2_firmware:::::::: cpe:2.3:o:dell:aurora_r16_firmware:::::::: cpe:2.3:o:dell:inspiron_15_3510_firmware:::::::: cpe:2.3:o:dell:inspiron_15_3521_firmware:::::::: cpe:2.3:o:dell:inspiron_3502_firmware:::::::: cpe:2.3:o:dell:xps_8950_firmware:::::::: cpe:2.3:o:dell:xps_8960_firmware::::::::
Vendors & Products		Dell alienware Area 51m R2 Dell alienware Aurora R13 Dell alienware Aurora R13 Firmware Dell alienware Aurora R15 Dell alienware Aurora R15 Amd Dell alienware Aurora R15 Firmware Dell alienware Aurora Ryzen Edition R14 Dell alienware Aurora Ryzen Edition R14 Firmware Dell alienware M15 R3 Dell alienware M15 R4 Dell alienware M15 R4 Firmware Dell alienware M17 R3 Dell alienware M17 R4 Dell alienware M17 R4 Firmware Dell alienware X14 Dell alienware X15 R1 Dell alienware X15 R2 Dell alienware X15 R2 Firmware Dell alienware X17 R1 Dell alienware X17 R2 Dell alienware X17 R2 Firmware Dell aurora R16 Dell aurora R16 Firmware Dell inspiron 15 3510 Dell inspiron 15 3510 Firmware Dell inspiron 15 3521 Dell inspiron 15 3521 Firmware Dell inspiron 3502 Dell inspiron 3502 Firmware Dell xps 8950 Dell xps 8950 Firmware Dell xps 8960 Dell xps 8960 Firmware

Wed, 28 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell alienware Area 51m R2 Firmware Dell alienware Aurora R15 Amd Firmware Dell alienware M15 R3 Firmware Dell alienware M17 R3 Firmware Dell alienware X14 Firmware Dell alienware X15 R1 Firmware Dell alienware X17 R1 Firmware
CPEs		cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:::::::* cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:::::::: cpe:2.3:o:dell:alienware_m15_r3_firmware:-:::::::* cpe:2.3:o:dell:alienware_m17_r3_firmware:-:::::::* cpe:2.3:o:dell:alienware_x14_firmware:-:::::::* cpe:2.3:o:dell:alienware_x15_r1_firmware:::::::: cpe:2.3:o:dell:alienware_x17_r1_firmware::::::::
Vendors & Products		Dell Dell alienware Area 51m R2 Firmware Dell alienware Aurora R15 Amd Firmware Dell alienware M15 R3 Firmware Dell alienware M17 R3 Firmware Dell alienware X14 Firmware Dell alienware X15 R1 Firmware Dell alienware X17 R1 Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 28 Aug 2024 06:00:00 +0000

Type	Values Removed	Values Added
Description		Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
Weaknesses		CWE-1392
References		https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354
Metrics		cvssV3_1 `{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-08-28T05:46:40.013Z

Updated: 2024-08-28T14:15:01.978Z

Reserved: 2024-06-26T02:16:08.993Z

Link: CVE-2024-39584

Vulnrichment

Updated: 2024-08-28T14:14:07.951Z

NVD

Status : Analyzed

Published: 2024-08-28T06:15:05.607

Modified: 2024-12-20T14:38:16.543

Link: CVE-2024-39584

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object