CVE-2024-52541
Published: 19 February 2025
Description
Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Security Summary
CVE-2024-52541 is a Weak Authentication vulnerability in the Dell Client Platform BIOS. This flaw, associated with CWE-1390, affects Dell client systems running the impacted BIOS firmware. Published on February 19, 2025, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact despite requiring local access and high privileges.
A high-privileged attacker with local access to the affected system could exploit this vulnerability to achieve elevation of privileges. The low attack complexity and lack of user interaction requirements make it feasible for such an attacker to bypass authentication mechanisms in the BIOS, potentially gaining broader control over the system's firmware and hardware resources.
Dell has addressed this issue in security advisory DSA-2025-021, available at https://www.dell.com/support/kbdoc/en-us/000258429/dsa-2025-021, which provides details on mitigation steps and available patches for affected BIOS versions. Security practitioners should consult this advisory to identify impacted systems and apply the recommended firmware updates promptly.
Details
- CWE(s)