Sign-up

ID

VAR-202405-3505


CVE

CVE-2024-22429


TITLE

Vulnerabilities in multiple Dell products

Trust: 0.8

sources: JVNDB: JVNDB-2024-017849

DESCRIPTION

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. Dell Edge Gateway 5000 firmware, precision 5820 tower firmware, Dell Edge Gateway 3000 Unspecified vulnerabilities exist in multiple Dell products, including firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-22429 // JVNDB: JVNDB-2024-017849

AFFECTED PRODUCTS

vendor:dellmodel:embedded box pc 5000scope:ltversion:1.25.0

Trust: 1.0

vendor:dellmodel:precision 3620 towerscope:ltversion:2.30.0

Trust: 1.0

vendor:dellmodel:latitude 5290scope:ltversion:1.35.0

Trust: 1.0

vendor:dellmodel:latitude 5580scope:ltversion:1.36.0

Trust: 1.0

vendor:dellmodel:latitude 7424 rugged extremescope:ltversion:1.32.0

Trust: 1.0

vendor:dellmodel:latitude 5288scope:ltversion:1.36.0

Trust: 1.0

vendor:dellmodel:latitude 7280scope:ltversion:1.37.0

Trust: 1.0

vendor:dellmodel:precision 5520scope:ltversion:1.38.0

Trust: 1.0

vendor:dellmodel:edge gateway 5000scope:ltversion:1.28.0

Trust: 1.0

vendor:dellmodel:latitude 3390 2-in-1scope:ltversion:1.31.0

Trust: 1.0

vendor:dellmodel:latitude 5400scope:ltversion:1.30.0

Trust: 1.0

vendor:dellmodel:latitude 7480scope:ltversion:1.37.0

Trust: 1.0

vendor:dellmodel:latitude 7380scope:ltversion:1.37.0

Trust: 1.0

vendor:dellmodel:latitude 7414 ruggedscope:ltversion:1.46.0

Trust: 1.0

vendor:dellmodel:latitude 7290scope:ltversion:1.38.0

Trust: 1.0

vendor:dellmodel:latitude 7390scope:ltversion:1.38.0

Trust: 1.0

vendor:dellmodel:latitude 5490scope:ltversion:1.35.0

Trust: 1.0

vendor:dellmodel:latitude 5420 ruggedscope:ltversion:1.32.0

Trust: 1.0

vendor:dellmodel:optiplex 7450 all-in-onescope:ltversion:1.32.0

Trust: 1.0

vendor:dellmodel:latitude 7285 2-in-1scope:ltversion:1.26.0

Trust: 1.0

vendor:dellmodel:latitude 5280scope:ltversion:1.36.0

Trust: 1.0

vendor:dellmodel:optiplex 3050 all-in-onescope:ltversion:1.32.0

Trust: 1.0

vendor:dellmodel:precision 3420 towerscope:ltversion:2.30.0

Trust: 1.0

vendor:dellmodel:latitude 5290 2-in-1scope:ltversion:1.34.0

Trust: 1.0

vendor:dellmodel:precision 3520scope:ltversion:1.36.0

Trust: 1.0

vendor:dellmodel:latitude 5488scope:ltversion:1.36.0

Trust: 1.0

vendor:dellmodel:latitude 7390 2-in-1scope:ltversion:1.35.0

Trust: 1.0

vendor:dellmodel:latitude 5424 ruggedscope:ltversion:1.32.0

Trust: 1.0

vendor:dellmodel:latitude 5590scope:ltversion:1.35.0

Trust: 1.0

vendor:dellmodel:latitude 3190scope:ltversion:1.34.0

Trust: 1.0

vendor:dellmodel:latitude 3180scope:ltversion:1.29.0

Trust: 1.0

vendor:dellmodel:precision 7720scope:ltversion:1.36.0

Trust: 1.0

vendor:dellmodel:latitude 7212 rugged extreme tabletscope:ltversion:1.50.0

Trust: 1.0

vendor:dellmodel:precision 7520scope:ltversion:1.36.0

Trust: 1.0

vendor:dellmodel:latitude 3190 2-in-1scope:ltversion:1.34.0

Trust: 1.0

vendor:dellmodel:latitude 12 rugged extreme 7214scope:ltversion:1.46.0

Trust: 1.0

vendor:dellmodel:wyse 7040 thin clientscope:ltversion:1.25.0

Trust: 1.0

vendor:dellmodel:latitude 5480scope:ltversion:1.36.0

Trust: 1.0

vendor:dellmodel:latitude 13 3380scope:ltversion:1.27.0

Trust: 1.0

vendor:dellmodel:latitude 3189scope:ltversion:1.29.0

Trust: 1.0

vendor:dellmodel:wyse 5070scope:ltversion:1.31.0

Trust: 1.0

vendor:dellmodel:optiplex 5050scope:ltversion:1.30.0

Trust: 1.0

vendor:dellmodel:latitude 7490scope:ltversion:1.38.0

Trust: 1.0

vendor:dellmodel:optiplex 3050scope:ltversion:1.30.0

Trust: 1.0

vendor:dellmodel:precision 5820 towerscope:ltversion:2.36.0

Trust: 1.0

vendor:dellmodel:precision 5530 2-in-1scope:ltversion:1.31.8

Trust: 1.0

vendor:dellmodel:latitude 3300scope:ltversion:1.28.0

Trust: 1.0

vendor:dellmodel:edge gateway 3000scope:ltversion:1.18.0

Trust: 1.0

vendor:dellmodel:latitude 5414 ruggedscope:ltversion:1.46.0

Trust: 1.0

vendor:dellmodel:embedded box pc 3000scope:ltversion:1.24.0

Trust: 1.0

vendor:デルmodel:embedded box pc 5000scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 3189scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 5288scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 3390 2-in-1scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 5400scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 5420 ruggedscope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 13 3380scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 3190 2-in-1scope: - version: -

Trust: 0.8

vendor:デルmodel:dell edge gateway 5000scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 12 rugged extreme 7214scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 3180scope: - version: -

Trust: 0.8

vendor:デルmodel:precision 5820 towerscope: - version: -

Trust: 0.8

vendor:デルmodel:dell edge gateway 3000scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 5290 2-in-1scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 5414 ruggedscope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 5290scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 3190scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 5280scope: - version: -

Trust: 0.8

vendor:デルmodel:latitude 3300scope: - version: -

Trust: 0.8

vendor:デルmodel:embedded box pc 3000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-017849 // NVD: CVE-2024-22429

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2024-22429
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-22429
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-22429
value: MEDIUM

Trust: 0.8

security_alert@emc.com: CVE-2024-22429
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-22429
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-22429
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-017849 // NVD: CVE-2024-22429 // NVD: CVE-2024-22429

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-017849 // NVD: CVE-2024-22429

EXTERNAL IDS

db:NVDid:CVE-2024-22429

Trust: 2.6

db:JVNDBid:JVNDB-2024-017849

Trust: 0.8

sources: JVNDB: JVNDB-2024-017849 // NVD: CVE-2024-22429

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-22429

Trust: 0.8

sources: JVNDB: JVNDB-2024-017849 // NVD: CVE-2024-22429

SOURCES

db:JVNDBid:JVNDB-2024-017849
db:NVDid:CVE-2024-22429

LAST UPDATE DATE

2025-02-04T23:33:52.924000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-017849date:2025-01-31T07:37:00
db:NVDid:CVE-2024-22429date:2025-01-30T15:48:29.167

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-017849date:2025-01-31T00:00:00
db:NVDid:CVE-2024-22429date:2024-05-17T16:15:07.477