CVE-2024-0160 MEDIUM

CVE-2024-0160

Vendor Dell
Product CPG BIOS
Weakness CWE-863 · Incorrect authorization
Published June 12, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

Key dates

02Disclosure timeline

June 12, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims CVE-2026-32923 OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata CVE-2023-3484 Incorrect Authorization in GitLab