Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
Metrics
CVSS Version: 3.1
Base Score: 6.9 MEDIUM
Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability Metrics: Attack Vector (AV): PHYSICAL; Attack Complexity (AC): HIGH; Privileges Required (PR): HIGH; User Interaction (UI): NONE; Scope (S): CHANGED
Impact Metrics: Confidentiality Impact (C): HIGH; Integrity Impact (I): HIGH; Availability Impact (A): HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-1190
CWE Name: CWE-1190: DMA Device Enabled Too Early in Boot Phase
Source: Dell
Common Attack Pattern Enumeration and Classification (CAPEC)