What is CVE-2015-0949?

CVE-2015-0949 is a high-severity vulnerability in Dell Latitude E6430, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2020-01-30.

How severe is CVE-2015-0949?

High severity. CVSS v3 base score is 7.8 out of 10.

Privilege escalation in Dell Latitude E6430

CVE-2015-0949

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory…

Vulnerability class: Privilege Escalation

EPSS: 0.004 (31.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Dell Latitude E6430 — versions BIOS Revision A09
Dell Latitude_e6430
Dell Latitude_e6430_firmware — versions a09
Hp Elitebook 850 G1 — versions BIOS revision L71 Ver. 01.09
Hp Elitebook_850_g1
Hp Elitebook_850_g1_firmware — versions 01.09

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

cret@cert.org (US Government Resource, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2015-0949?: CVE-2015-0949 is a high-severity vulnerability in Dell Latitude E6430, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2020-01-30.
How severe is CVE-2015-0949?: High severity. CVSS v3 base score is 7.8 out of 10.