Latitude 3440 Firmware
CVE-2024-0158
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges
AnalysisAI
Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges Affected products include: Dell Alienware M15 R6 Firmware, Dell Alienware M15 R7 Firmware, Dell Alienware M16 R1 Firmware, Dell Alienware M18 R1 Firmware, Dell Alienware M18 R2 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Latitude 3440 Firmware
View allDell Client Platform BIOS contains a Weak Authentication vulnerability. Rated high severity (CVSS 8.2), this vulnerabili
Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. Rated medium severity (CVSS 6.9), this v
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. Rated medium severity (CVSS 6.3). No vendor patch a
Dell BIOS contains an Out-of-Bounds Write vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low att
Dell BIOS contains an improper authentication vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low at
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today