Use of hard-coded cryptographic key in Dell products - CVE-2024-39584

 


Published: August 28, 2024 / Updated: August 30, 2024


Vulnerability identifier: #VU96591
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-39584
CWE-ID: CWE-321
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Dell
Affected software:
Alienware Area 51m R2
Alienware Aurora R15 AMD
Alienware m15 R3
Alienware m15 R4
Alienware m17 R3
Alienware m17 R4
Alienware x14
Alienware x15 R1
Alienware x15 R2
Alienware x17 R1
Alienware x17 R2

Detailed vulnerability description

The vulnerability allows a local user to bypass Secure Boot.

The vulnerability exists due to the use of a hard-coded cryptographic key. A local user can bypass Secure Boot restrictions and escalate privileges on the system.


How to mitigate CVE-2024-39584

Install updates from the vendor's website.
