History: Jun 25, 2024 - 4:15 p.m.

CVE-2024-0171

2024-06-25 16:15:24
CWE-367
dell
web.nvd.nist.gov
25
cve-2024-0171
toctou race condition
bios vulnerability
local attacker
unauthorized access

CVSS3: 5.3

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score: 7
Confidence: Low

EPSS: 0
Percentile: 9.1%

Dell PowerEdge Server BIOS contains a TOCTOU race condition vulnerability. A local low-privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

Affected configurations

Node: dell poweredge_r6615_firmware (Range <1.8.3) AND dell poweredge_r6615 (Match -)
Node: dell poweredge_r7615_firmware (Range <1.8.3) AND dell poweredge_r7615 (Match -)
Node: dell poweredge_r6625_firmware (Range <1.8.3) AND dell poweredge_r6625 (Match -)
Node: dell poweredge_r7625_firmware (Range <1.8.3) AND dell poweredge_r7625 (Match -)
Node: dell poweredge_c6615_firmware (Range <1.3.3) AND dell poweredge_c6615 (Match -)
Node: dell xc_core_xc7625_firmware (Range <1.8.3) AND dell xc_core_xc7625 (Match -)

| Vendor | Product | Version | CPE |
| dell | poweredge_r6615_firmware | * | cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:* |
| dell | poweredge_r6615 | - | cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:* |
| dell | poweredge_r7615_firmware | * | cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:* |
| dell | poweredge_r7615 | - | cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:* |
| dell | poweredge_r6625_firmware | * | cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:* |
| dell | poweredge_r6625 | - | cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:* |
| dell | poweredge_r7625_firmware | * | cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:* |
| dell | poweredge_r7625 | - | cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:* |
| dell | poweredge_c6615_firmware | * | cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:* |
| dell | poweredge_c6615 | - | cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerEdge Platform",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.8.3",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.3.3",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]
