Privilege escalation

2023-05-2211:15:00

PRIOn knowledge base

www.prio-n.com

privilege escalation

dell poweredge

bios vulnerability

arbitrary code execution

smram stack

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

CPENameOperatorVersion
dss_8440_firmwarelt2.18.1
emc_storage_nx3240_firmwarelt2.18.1
emc_storage_nx3340_firmwarelt2.18.1
emc_xc_core_6420_firmwarelt2.18.1
emc_xc_core_xc640_firmwarelt2.18.1
emc_xc_core_xc740xd2_firmwarelt2.18.1
emc_xc_core_xc740xd_firmwarelt2.18.1
emc_xc_core_xc940_firmwarelt2.18.1
emc_xc_core_xcxr2_firmwarelt2.18.1
poweredge_c4140_firmwarelt2.18.1

Name	Operator	Version
dss_8440_firmware	lt	2.18.1
emc_storage_nx3240_firmware	lt	2.18.1
emc_storage_nx3340_firmware	lt	2.18.1
emc_xc_core_6420_firmware	lt	2.18.1
emc_xc_core_xc640_firmware	lt	2.18.1
emc_xc_core_xc740xd2_firmware	lt	2.18.1
emc_xc_core_xc740xd_firmware	lt	2.18.1
emc_xc_core_xc940_firmware	lt	2.18.1
emc_xc_core_xcxr2_firmware	lt	2.18.1
poweredge_c4140_firmware	lt	2.18.1