CVE-2019-3717 HIGH

CVE-2019-3717

Vendor Dell
Product Dell Client Commercial and Consumer platforms
Published August 5, 2019
Last update September 16, 2024

CVSS base score

7.1/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H

What the vulnerability does

01Description

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

Key dates

02Disclosure timeline

August 5, 2019 CVE published
September 16, 2024 Record updated