CVE-2024-0160 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dell	CNA	6.8 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Affected Products (NVD)

Vendor	Product	Version
dell	xps_17_9700_firmware	𝑥 < 1.30.0
dell	xps_15_9500_firmware	𝑥 < 1.31.0
dell	vostro_7500_firmware	𝑥 < 1.28.0
dell	precision_5750_firmware	𝑥 < 1.30.0
dell	precision_5550_firmware	𝑥 < 1.31.0
dell	latitude_3520_firmware	𝑥 < 1.36.0
dell	latitude_3510_firmware	𝑥 < 1.29.0
dell	latitude_3420_firmware	𝑥 < 1.36.0
dell	latitude_3410_firmware	𝑥 < 1.29.0
dell	inspiron_7501_firmware	𝑥 < 1.28.0
dell	inspiron_7500_firmware	𝑥 < 1.28.0
dell	g7_7700_firmware	𝑥 < 1.32.0
dell	g7_7500_firmware	𝑥 < 1.32.0
dell	g5_5500_firmware	𝑥 < 1.30.0
dell	g3_3500_firmware	𝑥 < 1.30.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122

https://www.dell.com/support/kbdoc/en-us/000224763/dsa-2024-122